mirai | 8e39d36c240e81592cd8bdad771bb918510f8c8ac0e4f50f7af870389ae01889 | Triage

Sharing

General

Target

7bc2c217a01df86c6e18820f857acf92.elf
Size

61KB
Sample

230403-g1gklsdb72
MD5

7bc2c217a01df86c6e18820f857acf92
SHA1

8252306c73be0b967363b20231611cd21b8ef638
SHA256

8e39d36c240e81592cd8bdad771bb918510f8c8ac0e4f50f7af870389ae01889
SHA512

cea39e6eb779bd044718334722c4147b02e952af4d222a287b00a24ebc004362c28f7168e47d3840d0e0a67b0fea0da9a2fd9fc9e0a0fd32f23e8a9c74fdcc75
SSDEEP

1536:dpmbSQ6U3q7cCBT/lZsK/0DiQ4LiKimfFoktCe3fYRMj:WShU3q7cEDlCK/0Dw9i8Fok06fYRc

Score

10^/10

mirai discovery linux

Malware Config

Extracted

Family

mirai

C2

thanh.ddns.net

Targets

- Target
  
  7bc2c217a01df86c6e18820f857acf92.elf
- Size
  
  61KB
- MD5
  
  7bc2c217a01df86c6e18820f857acf92
- SHA1
  
  8252306c73be0b967363b20231611cd21b8ef638
- SHA256
  
  8e39d36c240e81592cd8bdad771bb918510f8c8ac0e4f50f7af870389ae01889
- SHA512
  
  cea39e6eb779bd044718334722c4147b02e952af4d222a287b00a24ebc004362c28f7168e47d3840d0e0a67b0fea0da9a2fd9fc9e0a0fd32f23e8a9c74fdcc75
- SSDEEP
  
  1536:dpmbSQ6U3q7cCBT/lZsK/0DiQ4LiKimfFoktCe3fYRMj:WShU3q7cEDlCK/0Dw9i8Fok06fYRc
Score

9^/10

discovery
- Contacts a large (37365) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1