mirai | 2c9f9b9f7d4772badc7cfc7dc2db0e1c2617387c651b452fd8ab97fa824fb4d6 | Triage

Sharing

General

Target

mirai.arm7.elf
Size

148KB
Sample

230702-nz5z5sce4x
MD5

84c33f965b7fa8ebaf11076aa4106787
SHA1

dff905c24fda69bdb9e1cf7ef55a3a11a510c618
SHA256

2c9f9b9f7d4772badc7cfc7dc2db0e1c2617387c651b452fd8ab97fa824fb4d6
SHA512

abfe6ed41ed1caef87948cdde6e2155ae8055efde47f82b9f34d10519e6738c3e3177acf63f31710b03b6e109b7cb59650b177154983797f4a07c10e55226b3c
SSDEEP

3072:tvhDBvyMepDT6uczKVVYAwgkfo107aKvmKE9tXETQM/9vly83:tvhDBvyMepH6uczKFwRo107aKuKuXEk8

Score

10^/10

mirai mirai discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

h3h301.ddns.net

Targets

- Target
  
  mirai.arm7.elf
- Size
  
  148KB
- MD5
  
  84c33f965b7fa8ebaf11076aa4106787
- SHA1
  
  dff905c24fda69bdb9e1cf7ef55a3a11a510c618
- SHA256
  
  2c9f9b9f7d4772badc7cfc7dc2db0e1c2617387c651b452fd8ab97fa824fb4d6
- SHA512
  
  abfe6ed41ed1caef87948cdde6e2155ae8055efde47f82b9f34d10519e6738c3e3177acf63f31710b03b6e109b7cb59650b177154983797f4a07c10e55226b3c
- SSDEEP
  
  3072:tvhDBvyMepDT6uczKVVYAwgkfo107aKvmKE9tXETQM/9vly83:tvhDBvyMepH6uczKFwRo107aKuKuXEk8
Score

9^/10

discovery
- Contacts a large (55272) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1