mirai | 422c493aee7a2204cd42fb725db36be6fe5c0e8c79f9bca39b55938fd817f942 | Triage

Sharing

General

Target

kwari.x86.elf
Size

52KB
Sample

230317-kmklwshc3w
MD5

6934ca155ff59b2a71ab0db156c83cdf
SHA1

ca31d184523d9b74d4a862aecab56efaedcc211c
SHA256

422c493aee7a2204cd42fb725db36be6fe5c0e8c79f9bca39b55938fd817f942
SHA512

75060ebd150ad15487d6d89bcef6f0acda2405c9e86ac437aa6b5edfa7aa087075de1553e1443409b367e82694d20295fdde0f36a675eba7dcf17d59d166f814
SSDEEP

1536:PS+dEczOjRC6qf1dhWphmEBg19/MEgnNxg+kC:bOjRC6qf1dhWphmEBg1FMEGN+H

Score

10^/10

mirai kaizen discovery linux

Malware Config

Extracted

Family

mirai

Botnet

KAIZEN

Targets

- Target
  
  kwari.x86.elf
- Size
  
  52KB
- MD5
  
  6934ca155ff59b2a71ab0db156c83cdf
- SHA1
  
  ca31d184523d9b74d4a862aecab56efaedcc211c
- SHA256
  
  422c493aee7a2204cd42fb725db36be6fe5c0e8c79f9bca39b55938fd817f942
- SHA512
  
  75060ebd150ad15487d6d89bcef6f0acda2405c9e86ac437aa6b5edfa7aa087075de1553e1443409b367e82694d20295fdde0f36a675eba7dcf17d59d166f814
- SSDEEP
  
  1536:PS+dEczOjRC6qf1dhWphmEBg19/MEgnNxg+kC:bOjRC6qf1dhWphmEBg1FMEGN+H
Score

9^/10

discovery
- Contacts a large (311301) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1