mirai | 4fa6a99bca80113b7ab78d2856de0543e517b539c024f16dec31fb1ab3cb85cf | Triage

Submit
Reports

Overview

overview

Static

static

ChromeSetup.exe

windows7-x64

8

ChromeSetup.exe

windows10-2004-x64

Sharing

General

Target

ChromeSetup.exe
Size

2.3MB
Sample

221115-1v95hsca3v
MD5

bef263acb771378244d3f987971c160a
SHA1

fd7e414e8f2efb6711820508bcc4f2f09416e2c8
SHA256

4fa6a99bca80113b7ab78d2856de0543e517b539c024f16dec31fb1ab3cb85cf
SHA512

144eace37f55bcb63c771449cb8c9e47b84e1a475837265e98c92a7d46d63ff7f7c349ddba14e427f887ba00ba79b62828de75b885b5b365ec75f6eb69dbb220
SSDEEP

49152:y31h6jJ4GCP+NV2iPcF3cPbFMT1vkWZVoimDaIEk2necB7QbbiES7n/:yPU7++NtPOca5vhkixDejU

Score

10^/10

mirai botnet discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ChromeSetup.exe

Resource

win7-20221111-en

discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ChromeSetup.exe

Resource

win10v2004-20221111-en

mirai botnet discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ChromeSetup.exe
- Size
  
  2.3MB
- MD5
  
  bef263acb771378244d3f987971c160a
- SHA1
  
  fd7e414e8f2efb6711820508bcc4f2f09416e2c8
- SHA256
  
  4fa6a99bca80113b7ab78d2856de0543e517b539c024f16dec31fb1ab3cb85cf
- SHA512
  
  144eace37f55bcb63c771449cb8c9e47b84e1a475837265e98c92a7d46d63ff7f7c349ddba14e427f887ba00ba79b62828de75b885b5b365ec75f6eb69dbb220
- SSDEEP
  
  49152:y31h6jJ4GCP+NV2iPcF3cPbFMT1vkWZVoimDaIEk2necB7QbbiES7n/:yPU7++NtPOca5vhkixDejU
Score

10^/10

discovery spyware stealer mirai botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

miraibotnetdiscoveryspywarestealer

© 2018-2024

Terms | Privacy