mirai | 91bd3a681e9068a12e9992bd7450656a1baada7d95d0c6df23733499980635a4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17769b836fa7102a48f78b30dd8e1fc9.elf
Size

48KB
Sample

221123-wtqx2afh4x
MD5

17769b836fa7102a48f78b30dd8e1fc9
SHA1

d635802701f9d5af2213f82423159fedd5abfd18
SHA256

91bd3a681e9068a12e9992bd7450656a1baada7d95d0c6df23733499980635a4
SHA512

682a4efdc2e9218bcefde6b510280f87c2e53f386bff213dfe35e20a1c53c70f99395c91394cc65bd7877d13e57042c344070bed29f8167c7b8ff9571d7bdb6d
SSDEEP

1536:G+trSMjpeR9yE6wXxmcPDVOeK0bymMMi:G+BJj0Rcdw4cQ9023

Score

10^/10

mirai botnet discovery linux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

ilovecock.mvp-online.cc

femnet.femboy.boats

Targets

- Target
  
  17769b836fa7102a48f78b30dd8e1fc9.elf
- Size
  
  48KB
- MD5
  
  17769b836fa7102a48f78b30dd8e1fc9
- SHA1
  
  d635802701f9d5af2213f82423159fedd5abfd18
- SHA256
  
  91bd3a681e9068a12e9992bd7450656a1baada7d95d0c6df23733499980635a4
- SHA512
  
  682a4efdc2e9218bcefde6b510280f87c2e53f386bff213dfe35e20a1c53c70f99395c91394cc65bd7877d13e57042c344070bed29f8167c7b8ff9571d7bdb6d
- SSDEEP
  
  1536:G+trSMjpeR9yE6wXxmcPDVOeK0bymMMi:G+BJj0Rcdw4cQ9023
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1