mirai | 5d7d09bb0cde550a36f653fc1304d02a4857f748eb71907bca3af53fab4fdc09 | Triage

Sharing

General

Target

014a0d28c6684fa6486fc344c246f69c.bin
Size

29KB
Sample

250413-bcnfcsvyh1
MD5

02856285e8953527274fdf6659e2e497
SHA1

15054d905a4acf0d2f222b7b020f779505a3598c
SHA256

5d7d09bb0cde550a36f653fc1304d02a4857f748eb71907bca3af53fab4fdc09
SHA512

3b485b79bfd35d19b0cb2adafffb2e6e21f88917e13946c4fabfee8370438593ef5891c85c00f9bf1c7d3693ee22da80a4ee74941a6c542a2c628abea7e86589
SSDEEP

768:R2C+qKVsCPMnz9ZVgduzQbJ9aq5arOS+fHZc4z15k:R2CjrC0nJU8z8Tam3n115k

Score

10^/10

mirai mirai defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  6ff23721d3b6c6677de0ee75d7d8c65baae779ebf87e090e1fd031f0bf02ea6e.elf
- Size
  
  54KB
- MD5
  
  014a0d28c6684fa6486fc344c246f69c
- SHA1
  
  611a1dcfd5a6dcf5bc4d433c91dc912f19885e9d
- SHA256
  
  6ff23721d3b6c6677de0ee75d7d8c65baae779ebf87e090e1fd031f0bf02ea6e
- SHA512
  
  36a71bf3a1bae29b02da543c7a3b9c6be02149e4ee6e0bcf7267abfcb8bb46e1e89ebc5becc5b3e92c749620e6e11df2a66c0cad76b42d1b7e26874d65c7a0df
- SSDEEP
  
  1536:7Mxtjx62+Ypjj+FFDLB/Ek8jOhC8jTXjUvzIkPR0:7AxF+YpjEFHBcHOn47IEq
Score

9^/10

defense_evasion discovery
- Contacts a large (4728) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery