mirai | fd3d0b264db42129b267ec3b01a2f2a5414668ea82a17b47d621b15bc9282011 | Triage

Submit
Reports

Overview

overview

Static

static

nklarm7.elf

debian-9-armhf

9

Sharing

General

Target

nklarm7.elf
Size

73KB
Sample

250310-b4rbbsyscw
MD5

862793c87c5bc7664ee11d9ef2122a51
SHA1

1640fe8b76cb1d116aefa393ff64a532561d497a
SHA256

fd3d0b264db42129b267ec3b01a2f2a5414668ea82a17b47d621b15bc9282011
SHA512

ec7d0a59cc84412370dd952c74f56cbec786037ca36faae9d0cad60637b1943f7a18c51ffc51acc25581883fe67f127513bd509c83fbff2341bf545fb5f06f00
SSDEEP

1536:Npngq7mByGw9K09oABAKgddL/4/eLJX9woDVoK/M9J9lcki/H+ArX:EomBC9KABA9d+/eLR9woDVoK/fxH+u

Score

10^/10

mirai botnet defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

nklarm7.elf

Resource

debian9-armhf-20240611-en

defense_evasion discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  nklarm7.elf
- Size
  
  73KB
- MD5
  
  862793c87c5bc7664ee11d9ef2122a51
- SHA1
  
  1640fe8b76cb1d116aefa393ff64a532561d497a
- SHA256
  
  fd3d0b264db42129b267ec3b01a2f2a5414668ea82a17b47d621b15bc9282011
- SHA512
  
  ec7d0a59cc84412370dd952c74f56cbec786037ca36faae9d0cad60637b1943f7a18c51ffc51acc25581883fe67f127513bd509c83fbff2341bf545fb5f06f00
- SSDEEP
  
  1536:Npngq7mByGw9K09oABAKgddL/4/eLJX9woDVoK/M9J9lcki/H+ArX:EomBC9KABA9d+/eLR9woDVoK/fxH+u
Score

9^/10

defense_evasion discovery
- Contacts a large (163677) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy