mirai | da62b86b8ccb705b060d91a343fd58c2bccd0118b1f9d2ff2a883c2ead091c5e | Triage

Submit
Reports

Overview

overview

Static

static

7

b3astmode.x86

ubuntu-18.04-amd64

Sharing

General

Target

b3astmode.x86
Size

27KB
Sample

230429-hrtn9aab47
MD5

03131d436afb62e6632944dae320979f
SHA1

db78ded95196d8e671b2f2136e90427885788715
SHA256

da62b86b8ccb705b060d91a343fd58c2bccd0118b1f9d2ff2a883c2ead091c5e
SHA512

ca3a26af5730ca43ff53544a23066e098dd4862f7ce627905d11b3d7ac89c00a597720d8c3134639314af89318f538270d68133c771de709cf729a94222897e6
SSDEEP

384:MAZ83WvukT8nkIhpEIsYlDd4aIefzm70u9fAhCPj14AaJFA0jHIjW9GgD4duxlfC:j+Wv/CnpEQgefzMZUkRvVi4zGYtT3Ay

Score

10^/10

mirai unst botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b3astmode.x86

Resource

ubuntu1804-amd64-20221111-en

mirai unst botnet discovery

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

- Target
  
  b3astmode.x86
- Size
  
  27KB
- MD5
  
  03131d436afb62e6632944dae320979f
- SHA1
  
  db78ded95196d8e671b2f2136e90427885788715
- SHA256
  
  da62b86b8ccb705b060d91a343fd58c2bccd0118b1f9d2ff2a883c2ead091c5e
- SHA512
  
  ca3a26af5730ca43ff53544a23066e098dd4862f7ce627905d11b3d7ac89c00a597720d8c3134639314af89318f538270d68133c771de709cf729a94222897e6
- SSDEEP
  
  384:MAZ83WvukT8nkIhpEIsYlDd4aIefzm70u9fAhCPj14AaJFA0jHIjW9GgD4duxlfC:j+Wv/CnpEQgefzMZUkRvVi4zGYtT3Ay
Score

10^/10

mirai unst botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (69098) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraiunstbotnetdiscovery

© 2018-2024

Terms | Privacy