mirai | f327ab37d2c795344b9ece6b06744d3ec0b2fb0bffa4f3001c36080c1f1f2189 | Triage

Sharing

General

Target

f327ab37d2c795344b9ece6b06744d3ec0b2fb0bffa4f3001c36080c1f1f2189.elf
Size

116KB
Sample

250308-sm1xwayxhy
MD5

3fe14dd4eda98e3a70901413189cd598
SHA1

c6efa5350577fc9b7b10a1eef0a538a7b03bdb38
SHA256

f327ab37d2c795344b9ece6b06744d3ec0b2fb0bffa4f3001c36080c1f1f2189
SHA512

fea08d29dbf446888c080338a3ddeff2cbe32b7e5bf99ae7d0c05026c14d3162335bd679db7e2d9a2704ed33b66ab86cb122e64ae78c1936ec1a4fbdde08fcd2
SSDEEP

1536:uakh1I+6HIVbCxBCrJyrC3YyGd18SQZWR6AcwD02UzDxHB5UAe9QZ/:uakQ+6oV2C9y2YyGHpwrwD7UzXOe

Score

10^/10

mirai botnet discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

raw.awaken-network.net

141.98.10.142

Targets

- Target
  
  f327ab37d2c795344b9ece6b06744d3ec0b2fb0bffa4f3001c36080c1f1f2189.elf
- Size
  
  116KB
- MD5
  
  3fe14dd4eda98e3a70901413189cd598
- SHA1
  
  c6efa5350577fc9b7b10a1eef0a538a7b03bdb38
- SHA256
  
  f327ab37d2c795344b9ece6b06744d3ec0b2fb0bffa4f3001c36080c1f1f2189
- SHA512
  
  fea08d29dbf446888c080338a3ddeff2cbe32b7e5bf99ae7d0c05026c14d3162335bd679db7e2d9a2704ed33b66ab86cb122e64ae78c1936ec1a4fbdde08fcd2
- SSDEEP
  
  1536:uakh1I+6HIVbCxBCrJyrC3YyGd18SQZWR6AcwD02UzDxHB5UAe9QZ/:uakQ+6oV2C9y2YyGHpwrwD7UzXOe
Score

9^/10

discovery rootkit
- Contacts a large (37881) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit