mirai | 94c49e730a88a2c854e60f27d06f3a33af4e2e1ac32c41bdbfe7c22c375e4963 | Triage

Submit
Reports

Overview

overview

Static

static

7

75a88da8eb...aa.elf

ubuntu-18.04-amd64

Sharing

General

Target

2bad8f8537af64c19b6f4314c354edc0.bin
Size

26KB
Sample

230510-bn8knsfe8t
MD5

9578e774de1af8415e412eafdd2a5def
SHA1

5d33e677022e5df9aa714559efd9d1693e8a68b1
SHA256

94c49e730a88a2c854e60f27d06f3a33af4e2e1ac32c41bdbfe7c22c375e4963
SHA512

b53e86fbd722beded29b1b72fb72c0ffabaee83ea2a585bd0050415bc207c6d7b0a1e98f4a12344adbd83edab9f9491f20620387c7f139093c6d9b6a2af52269
SSDEEP

768:vROdvCA7tV1CZN1LnPXdTBZORvhLYXgqE:vRIH7tV1EN1LnVTBSZr

Score

10^/10

mirai botnet botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

75a88da8eb68a86955194ffd839ace87201ebad837cf6d9dfddbb2f6a1ef08aa.elf

Resource

ubuntu1804-amd64-20221125-en

mirai botnet botnet discovery

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

pachoisgay.3utilities.com

Targets

- Target
  
  75a88da8eb68a86955194ffd839ace87201ebad837cf6d9dfddbb2f6a1ef08aa.elf
- Size
  
  26KB
- MD5
  
  2bad8f8537af64c19b6f4314c354edc0
- SHA1
  
  7e49fd3174326b51fa988911dfc517c419710438
- SHA256
  
  75a88da8eb68a86955194ffd839ace87201ebad837cf6d9dfddbb2f6a1ef08aa
- SHA512
  
  d63d494730e61965d1bdc9ac36eca64cee00bde9ed07eb7a3c272fc4775cd57d107f21c473a0d23c1cd1551f6e3b5c729e37b44f0c618675013a8fef3b18ff33
- SSDEEP
  
  384:MUv66YgiokzDM366q1tl81r31ueV9suqK0eaNpVIEWW+ZaWz4lq3+v1RK:x66Y4hy8qi9sK0PINW9WzU9K
Score

10^/10

mirai botnet botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (108995) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Changes its process name
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

miraibotnetbotnetdiscovery

© 2018-2024

Terms | Privacy