Resubmissions

15-05-2023 18:20

230515-wy896sgg89 (score 10/10)

15-05-2023 18:17

230515-wxedeafc5x (score 10/10)

General

  • Target

    ntop2

  • Size

    18KB

  • Sample

    230515-wy896sgg89

  • MD5

    49b55b5189424fa00c16d438cfcab0e1

  • SHA1

    488e9f9035076250cea5e41119f41d63f25c474e

  • SHA256

    caf577935671be92ac6d345a23f49168787250316edbe6ddccebdfbcdec385eb

  • SHA512

    1e53a0a1a69faa2db102efba490020e9f3652b0f177ece69b0343522a1f082e5cd068ce16b3f8cd36e79745bdb20797420f73abefe8527d5be21a72a505a5ad0

  • SSDEEP

    384:MWeHKBGXaLKbt3PSgArJK2dRQQeCPKlFYjKN399R5lBHcUexKXnUbeQLq51e:MQGXiuK902dRECPJeN9jlBHcUeA3Pe

Score
10/10

Targets

    • Target

      ntop2

    Score
    10/10
    • Mirai

      Mirai is a prevalent Linux botnet family that infects exposed, poorly secured network devices (routers, IP cameras, DVRs and similar embedded systems) and uses them for DDoS.

    • Modifies the Watchdog daemon

      Malware such as Mirai disables the hardware watchdog so that the device is not rebooted once the bot stops servicing it. Mirai does this by opening /dev/watchdog (or /dev/misc/watchdog) and issuing the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD.

    • Changes its process name

      Mirai overwrites argv[0] and calls prctl(PR_SET_NAME) with a random string so the bot does not stand out in process listings.

    • Enumerates active TCP sockets

      Reads the socket table from the /proc virtual filesystem (/proc/net/tcp). Mirai's killer module uses this to find and kill competing processes bound to ports such as 23, 22 and 80.

    • Reads system network configuration

      Uses the contents of the /proc filesystem (for example /proc/net/route) to enumerate network settings.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.
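To check a sample for the behaviours listed above outside the sandbox, the following added example (not part of this report, the sandbox, or Mirai) maps strace output to those signatures. It tracks which file descriptors point at the watchdog device and at /proc tables, decodes the WDIOC_SETOPTIONS request (0x80045704, from the Linux UAPI header) and the WDIOS_DISABLECARD flag, and spots prctl(PR_SET_NAME). SAMPLE_TRACE is constructed to resemble a Mirai-style run; it is not a capture from this sample.

```python
"""Map strace output from a Linux sample to the behaviours this report flags:
watchdog tampering, process renaming and enumeration through /proc.

Added example for this page, not code from the sandbox or from the sample.
SAMPLE_TRACE is constructed to mimic Mirai-style activity; it is not a capture."""
import re

# Constants from the Linux UAPI headers (linux/watchdog.h, linux/prctl.h).
WDIOC_SETOPTIONS = 0x80045704
WDIOS_DISABLECARD = 0x0001
WDIOS_ENABLECARD = 0x0002
PR_SET_NAME = 15

WATCHDOG_DEVICES = ("/dev/watchdog", "/dev/misc/watchdog")
TCP_TABLES = ("/proc/net/tcp", "/proc/net/tcp6")
NETCONF_FILES = ("/proc/net/route", "/proc/net/arp", "/proc/net/dev",
                 "/proc/net/if_inet6")
SYMBOLS = {"WDIOC_SETOPTIONS": WDIOC_SETOPTIONS,
           "WDIOS_DISABLECARD": WDIOS_DISABLECARD,
           "WDIOS_ENABLECARD": WDIOS_ENABLECARD,
           "PR_SET_NAME": PR_SET_NAME}

# One strace line: optional pid, syscall name, raw argument text, return value.
LINE_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\w+)')
QUOTED_RE = re.compile(r'"([^"]*)"')

# Constructed trace (strace -f style); strace decodes the watchdog ioctl names.
SAMPLE_TRACE = """\
1337 open("/dev/watchdog", O_RDWR) = 3
1337 ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0
1337 close(3) = 0
1337 prctl(PR_SET_NAME, "gHJk3s9Qwe") = 0
1337 openat(AT_FDCWD, "/proc/net/tcp", O_RDONLY) = 4
1337 close(4) = 0
1337 openat(AT_FDCWD, "/proc/net/route", O_RDONLY) = 4
1337 close(4) = 0
1337 open("/proc/self/exe", O_RDONLY) = 5
1337 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 6
"""


def to_int(token):
    """Decode a strace token (3, 0x80045704, WDIOS_DISABLECARD, [A|B]) to an
    int; return None if any part is neither a known symbol nor a number."""
    value = 0
    for part in token.strip().strip("[]").split("|"):
        part = part.strip()
        if part in SYMBOLS:
            value |= SYMBOLS[part]
        else:
            try:
                value |= int(part, 0)
            except ValueError:
                return None
    return value


def triage(trace_text):
    """Return {signature name: [evidence, ...]} for the syscalls in trace_text."""
    fds = {}    # file descriptor -> path, tracked from successful open/openat
    hits = {}

    def hit(signature, evidence):
        hits.setdefault(signature, []).append(evidence)

    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        name, args, ret = m.group("name"), m.group("args"), m.group("ret")
        parts = [a.strip() for a in args.split(",")]

        if name in ("open", "openat") and not ret.startswith("-"):
            quoted = QUOTED_RE.search(args)
            if not quoted:
                continue
            path = quoted.group(1)
            fds[int(ret)] = path
            if path in TCP_TABLES:
                hit("Enumerates active TCP sockets", f"reads {path}")
            elif path in NETCONF_FILES:
                hit("Reads system network configuration", f"reads {path}")
            elif path.startswith("/proc/"):
                hit("Reads runtime system information", f"reads {path}")
        elif name == "close":
            fds.pop(to_int(parts[0]), None)
        elif name == "ioctl" and len(parts) >= 2:
            path = fds.get(to_int(parts[0]))
            if path in WATCHDOG_DEVICES and to_int(parts[1]) == WDIOC_SETOPTIONS:
                flags = to_int(parts[2]) if len(parts) > 2 else None
                # An undecoded pointer argument will not set the DISABLECARD bit,
                # so the call is still reported, just not claimed as a disable.
                action = ("disables" if flags is not None and flags & WDIOS_DISABLECARD
                          else "sets options on")
                hit("Modifies the Watchdog daemon",
                    f"{action} the hardware watchdog via WDIOC_SETOPTIONS on {path}")
        elif name == "prctl" and parts and to_int(parts[0]) == PR_SET_NAME:
            quoted = QUOTED_RE.search(args)
            new_name = quoted.group(1) if quoted else "?"
            hit("Changes its process name", f"prctl(PR_SET_NAME, {new_name!r})")
    return hits


if __name__ == "__main__":
    for signature, evidence in triage(SAMPLE_TRACE).items():
        print(f"[+] {signature}: {'; '.join(evidence)}")
```

Run it against a real capture with `strace -f -o trace.txt ./sample` in an isolated analysis VM and pass the file contents to triage(). The fd tracking matters: a bare ioctl with request 0x80045704 is only meaningful when the descriptor was opened on the watchdog device, which is why the example keeps the open/close bookkeeping instead of grepping for the constant.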

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

    • Impair Defenses (T1562): 1 signature

Discovery

    • System Network Connections Discovery (T1049): 1 signature

    • System Network Configuration Discovery (T1016): 1 signature

Tasks