mirai | 912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c | Triage

Submit
Reports

Overview

overview

Static

static

912bfae6ba...6c.elf

debian-9-armhf

7

Sharing

General

Target

912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c.elf
Size

72KB
Sample

250308-nfr9yawms8
MD5

eaabc7aad745c2d680ea6bfc9444abbb
SHA1

c1823744d9b6d8ebc3e268b769761816a3b7e707
SHA256

912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c
SHA512

371cb11d0555fe0ef01e36bc6fa798cc3526a4c813a64203651d3a6aa272d2146ab2823dcbff479b5a8dc413865d586d9f3f3919ce05fe51c5cce69621f81d98
SSDEEP

1536:tdn6SsyWpUI66PvdMg3+rh5z1OZtBlDwwOLtwyGn9a9luOZciYvxLr:ZsyWUgvdMA+947BlDwwOLtwyGLu+vxn

Score

10^/10

mirai botnet defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c.elf

Resource

debian9-armhf-20240611-en

defense_evasion discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c.elf
- Size
  
  72KB
- MD5
  
  eaabc7aad745c2d680ea6bfc9444abbb
- SHA1
  
  c1823744d9b6d8ebc3e268b769761816a3b7e707
- SHA256
  
  912bfae6bac55c7a62b01ba0926e88ddae64c892757e6e7e26f94ff032422b6c
- SHA512
  
  371cb11d0555fe0ef01e36bc6fa798cc3526a4c813a64203651d3a6aa272d2146ab2823dcbff479b5a8dc413865d586d9f3f3919ce05fe51c5cce69621f81d98
- SSDEEP
  
  1536:tdn6SsyWpUI66PvdMg3+rh5z1OZtBlDwwOLtwyGn9a9luOZciYvxLr:ZsyWUgvdMA+947BlDwwOLtwyGLu+vxn
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy