mirai | b15eca8497ee7c754ae99626c1b50afc2777afb0178f4b052aa7c75136c28c20 | Triage

Sharing

General

Target

b15eca8497ee7c754ae99626c1b50afc2777afb0178f4b052aa7c75136c28c20.elf
Size

174KB
Sample

250308-pvatwaxlv7
MD5

65e33240574661d5ed9ed7676272cd40
SHA1

7ef110e2a7a39514caa1d20eb6ddf6b4bc823e29
SHA256

b15eca8497ee7c754ae99626c1b50afc2777afb0178f4b052aa7c75136c28c20
SHA512

f3f3ee75eb2e06eb95811133a26b789e73545f75b925b72293e0d7fcad73f53d7f6e21dffbda4fb048ac69d5bf6de9d6a07454d11e2712e78326f52278468189
SSDEEP

3072:MQRwgCEuSOFBjZIumaCssvWmO7xhntKFdjq1shGAHgj7RM/9Gdfv:MQRVvsF3FmaCssvWmQxbKXjqS5Hgj1MQ

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

raw.awaken-network.net

Targets

- Target
  
  b15eca8497ee7c754ae99626c1b50afc2777afb0178f4b052aa7c75136c28c20.elf
- Size
  
  174KB
- MD5
  
  65e33240574661d5ed9ed7676272cd40
- SHA1
  
  7ef110e2a7a39514caa1d20eb6ddf6b4bc823e29
- SHA256
  
  b15eca8497ee7c754ae99626c1b50afc2777afb0178f4b052aa7c75136c28c20
- SHA512
  
  f3f3ee75eb2e06eb95811133a26b789e73545f75b925b72293e0d7fcad73f53d7f6e21dffbda4fb048ac69d5bf6de9d6a07454d11e2712e78326f52278468189
- SSDEEP
  
  3072:MQRwgCEuSOFBjZIumaCssvWmO7xhntKFdjq1shGAHgj7RM/9Gdfv:MQRVvsF3FmaCssvWmQxbKXjqS5Hgj1MQ
Score

9^/10

defense_evasion discovery
- Contacts a large (2050) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery