mirai | aeb29095e5a75b08b8350d5397f252b279dd8285ba325d34a17ea9e3149800e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

582f1d4857de6c3507b98f97b650523b72e032291f51aa10a1c5112bd2ccaf5d.zip
Size

29KB
Sample

230208-lxfalaaa65
MD5

1ae4127924b1217d26aa08af740be272
SHA1

a5b3ed13ba7216970c2b06619593b374ea642aaf
SHA256

aeb29095e5a75b08b8350d5397f252b279dd8285ba325d34a17ea9e3149800e6
SHA512

2f4ab75aa336c1ba7b8c1f7360541855f5c115227bcbf33e34e8ba7749b231ad84c55a9a77f405f68bfc4593165abf1f53f2c190d02d1d8a0ddcb1d85534d531
SSDEEP

768:bSs0guxkk98CYDh0ZQNbEYWLdG7Fsh3vpTrTa:bu3xkkqCY91NYY57SdpTva

Score

10^/10

mirai discovery linux

Malware Config

Extracted

Family

mirai

C2

j.xnyidc.top

Targets

- Target
  
  582f1d4857de6c3507b98f97b650523b72e032291f51aa10a1c5112bd2ccaf5d.elf
- Size
  
  54KB
- MD5
  
  def915195c2e507f8d26dd3e0ff8913d
- SHA1
  
  ab7b5bb78de8381d50ec33a05a6a221ed18f320b
- SHA256
  
  582f1d4857de6c3507b98f97b650523b72e032291f51aa10a1c5112bd2ccaf5d
- SHA512
  
  1d3935f9dc51603d8553252b5a42d462a0a9e8905752fc67ce37f59ac172fceaf4baa2a90495a338682b2831ca5dbbebb55dea08b490d1207405fa63da82ee73
- SSDEEP
  
  1536:JeESt/basV2rcZhG6+KN7Tqa9qpFzWOIaEjrqMZs:JeESt/basVTgW7Tqawp9tXESy
Score

9^/10

discovery
- Contacts a large (37366) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1