mirai | 365d5acb99bdc39ab696579366e15f324305af45f5a1a81b9cfbfc121cef74a1 | Triage

Sharing

General

Target

0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7.zip
Size

37KB
Sample

230308-mfdk4sfd47
MD5

8d05f045ac1752f350fc7e533ec54540
SHA1

e55e2b494a5966cf59d63da307697c6b4bd5e0a7
SHA256

365d5acb99bdc39ab696579366e15f324305af45f5a1a81b9cfbfc121cef74a1
SHA512

1837e0aa4670a531d2f70c4381904f83cb2303bba94904f744abfecbd31da340cfd2d5406a3d783ecea48dc396b8111a8876924769db3141ec41b754eb46c7b0
SSDEEP

768:NJe5GL+Aj5JeBcpmuke7ozsscNtlVEXY6rhryw9hJTDcTWMTX:eRxBUjskpEX/lmUhfMr

Score

10^/10

mirai discovery linux

Malware Config

Extracted

Family

mirai

C2

cnc.cattostresser.com

Targets

- Target
  
  0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7.elf
- Size
  
  72KB
- MD5
  
  4e1b39e6ff6238ccbb5dab6f16ad59d4
- SHA1
  
  e6d26093b9ebda9ab39c04b229d1b8acd79b08d8
- SHA256
  
  0fb5715a29705c1802458277ed5ba2d09fae7871f0a7ac51f17cb256b3a85ed7
- SHA512
  
  6d9e94e5cb0d28ecbf6ab8863a417d68f49e6edb11b8a2f08b3d0b8bbd90a3c7832664827dd87f68ed029435e728469f04290fccbd6332a3768df28af90f2bfe
- SSDEEP
  
  1536:BRHgwQtdR3O76//wsAVtlJlDLGMAeH2k2gTa4MsFMK:PHgwGdR3qO/jst3lDL/iglMsFx
Score

9^/10

discovery
- Contacts a large (37366) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1