mirai | d0a19b4a570d11010ee08acf68c399d490d31c423f94ff64019b3bef8cf3a5c9 | Triage

Sharing

General

Target

wshindex86.elf
Size

20KB
Sample

230529-xvxmmsdb72
MD5

2d6ac6edb29b75b147e376ad7221a217
SHA1

df02c1022825c3d3d567381c805e9067658b1623
SHA256

d0a19b4a570d11010ee08acf68c399d490d31c423f94ff64019b3bef8cf3a5c9
SHA512

7b666853b243a73a93f5f0c04da34bb93a87fc8527ebd343510b8e2fc40d1d065c4eb5ecb8e64e6412d125159533e2f618ac3930b607e4b09aa0e5d6716a5024
SSDEEP

384:M7jgtZ3KwNS5pY62iOYtJjSBuc+VOFj3zZp+ZKlRYx2WVS499dGKHi:r7k5pYXMtFcQOFvCol+x29VKHi

Score

10^/10

mirai unstable botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

fluu.badworldgama.xyz

Targets

- Target
  
  wshindex86.elf
- Size
  
  20KB
- MD5
  
  2d6ac6edb29b75b147e376ad7221a217
- SHA1
  
  df02c1022825c3d3d567381c805e9067658b1623
- SHA256
  
  d0a19b4a570d11010ee08acf68c399d490d31c423f94ff64019b3bef8cf3a5c9
- SHA512
  
  7b666853b243a73a93f5f0c04da34bb93a87fc8527ebd343510b8e2fc40d1d065c4eb5ecb8e64e6412d125159533e2f618ac3930b607e4b09aa0e5d6716a5024
- SSDEEP
  
  384:M7jgtZ3KwNS5pY62iOYtJjSBuc+VOFj3zZp+ZKlRYx2WVS499dGKHi:r7k5pYXMtFcQOFvCol+x29VKHi
Score

10^/10

mirai unstable botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnet