mirai | e277627730229e38208f001e4361d16892ac7c9bfe68b01270d7436d7b30862c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

e277627730...2c.elf

debian-12-armhf

9

Sharing

General

Target

e277627730229e38208f001e4361d16892ac7c9bfe68b01270d7436d7b30862c.elf
Size

78KB
Sample

250320-eyexwstsbz
MD5

e4e720344583af10c91c32edec13862a
SHA1

c6894117519fcc7ad88cf8ee88c79dab00ed33c7
SHA256

e277627730229e38208f001e4361d16892ac7c9bfe68b01270d7436d7b30862c
SHA512

d1546f6df605b82ba4e533cd87b56a4b6c1b98d7b51c8afc046c7411fb0219f09cfd49b25af014fc7575950ef652bb38debfa3a6120ef877590a5af429726d90
SSDEEP

1536:ZhnIM5+DZdsU91ns8vIjLh7ZGarmWjGqEB0TQzQ003mNl4YiPJGDrp8UXPbbBR:IQ+FdFsYIXhkD8GqEB0TQzQ0sjGDraUD

Score

10^/10

mirai botnet defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e277627730229e38208f001e4361d16892ac7c9bfe68b01270d7436d7b30862c.elf

Resource

debian12-armhf-20240221-en

defense_evasion discovery

debian-12-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  e277627730229e38208f001e4361d16892ac7c9bfe68b01270d7436d7b30862c.elf
- Size
  
  78KB
- MD5
  
  e4e720344583af10c91c32edec13862a
- SHA1
  
  c6894117519fcc7ad88cf8ee88c79dab00ed33c7
- SHA256
  
  e277627730229e38208f001e4361d16892ac7c9bfe68b01270d7436d7b30862c
- SHA512
  
  d1546f6df605b82ba4e533cd87b56a4b6c1b98d7b51c8afc046c7411fb0219f09cfd49b25af014fc7575950ef652bb38debfa3a6120ef877590a5af429726d90
- SSDEEP
  
  1536:ZhnIM5+DZdsU91ns8vIjLh7ZGarmWjGqEB0TQzQ003mNl4YiPJGDrp8UXPbbBR:IQ+FdFsYIXhkD8GqEB0TQzQ0sjGDraUD
Score

9^/10

defense_evasion discovery
- Contacts a large (73092) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy