mirai | 82c2a0083197211652ff2bae93178f180623743413db984620c9cabee7bcb9aa | Triage

Sharing

General

Target

mirai.x86.elf
Size

68KB
Sample

230630-fga32sha4z
MD5

f1fdf8b488193f82dac74235bd4440a2
SHA1

de9fbce8138dcd03a0142d90ea47220ad27ad531
SHA256

82c2a0083197211652ff2bae93178f180623743413db984620c9cabee7bcb9aa
SHA512

0b6ec45420173658f72795d6a6615632e5395ff35441b7ae9c08e86c3ed75f62dac73e79f250266856885e8b27bc7a70accd3350f5d768062659a4241a4b29ff
SSDEEP

1536:uCaVXjxEZYluXs9xU4l/AAG+TNFKcFnDQWo8bgdXHqMqMZ5gg7Wg8ggggggggggR:7atjx0YluXs9Jo4TNFFnDQW9bgNKMq

Score

10^/10

mirai mirai discovery linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

ingoditrust.ddns.net

Targets

- Target
  
  mirai.x86.elf
- Size
  
  68KB
- MD5
  
  f1fdf8b488193f82dac74235bd4440a2
- SHA1
  
  de9fbce8138dcd03a0142d90ea47220ad27ad531
- SHA256
  
  82c2a0083197211652ff2bae93178f180623743413db984620c9cabee7bcb9aa
- SHA512
  
  0b6ec45420173658f72795d6a6615632e5395ff35441b7ae9c08e86c3ed75f62dac73e79f250266856885e8b27bc7a70accd3350f5d768062659a4241a4b29ff
- SSDEEP
  
  1536:uCaVXjxEZYluXs9xU4l/AAG+TNFKcFnDQWo8bgdXHqMqMZ5gg7Wg8ggggggggggR:7atjx0YluXs9Jo4TNFFnDQW9bgNKMq
Score

9^/10

discovery
- Contacts a large (3071) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1