mirai | d2cf2709fd13d028edfb31dfedba797d8f383eb8e9e117aa661ca5ac0cfff56f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x86.elf
Size

54KB
Sample

230303-j5ktyagg28
MD5

709a4303a8a411c2614f7b88522faea9
SHA1

7ec23c1c319c1b2a2512f104c0abe57d076f8afb
SHA256

d2cf2709fd13d028edfb31dfedba797d8f383eb8e9e117aa661ca5ac0cfff56f
SHA512

a0f1a31c656af78505da047cd264ae7bfee638eea99e1dc912250006b421fa64e79d4a7893800c87c492291307fa46b1c60e425ea11b5539885062d83e37a39b
SSDEEP

1536:JeESt/basV2rcZhG6ySN7na8Re9xzWOIaEjrqMds:JeESt/basVTgS7na8w9BtXESy

Score

10^/10

mirai discovery linux

Malware Config

Extracted

Family

mirai

C2

botnet.zingspeed.me

Targets

- Target
  
  x86.elf
- Size
  
  54KB
- MD5
  
  709a4303a8a411c2614f7b88522faea9
- SHA1
  
  7ec23c1c319c1b2a2512f104c0abe57d076f8afb
- SHA256
  
  d2cf2709fd13d028edfb31dfedba797d8f383eb8e9e117aa661ca5ac0cfff56f
- SHA512
  
  a0f1a31c656af78505da047cd264ae7bfee638eea99e1dc912250006b421fa64e79d4a7893800c87c492291307fa46b1c60e425ea11b5539885062d83e37a39b
- SSDEEP
  
  1536:JeESt/basV2rcZhG6ySN7na8Re9xzWOIaEjrqMds:JeESt/basVTgS7na8w9BtXESy
Score

9^/10

discovery
- Contacts a large (37879) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1