General

  • Target

    db0fa4b8db0333367e9bda3ab68b8042.x86

  • Size

    32KB

  • Sample

    230718-vc4l5acd48

  • MD5

    c375339e398fd39a5203e791e5c37f67

  • SHA1

    6afd9fbc01eccd4dfcd972604e4e2cc0119b8243

  • SHA256

    c1e5375ed9fadc54370de6cf7758de7323409f29a198287f5a1e4a15cd07ac00

  • SHA512

    50a32af8b09fc45bb62c21298d527004350a8746843bce25e04174cf3a4da89a5e0142cb68c2277696b24558dc15e833ed836dd217f574b4a8652242b9da92e9

  • SSDEEP

    768:uNyFa59wp6bs++1xqjENnqgVDTDcFCA+0yF65rVifnbcuyD7Uiyqu:ug05qMbsX4qnz1t0Ifnouy8Zqu

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

testbots.maizhangyu.top

Targets

    • Target

      db0fa4b8db0333367e9bda3ab68b8042.x86

    • Size

      32KB

    • MD5

      c375339e398fd39a5203e791e5c37f67

    • SHA1

      6afd9fbc01eccd4dfcd972604e4e2cc0119b8243

    • SHA256

      c1e5375ed9fadc54370de6cf7758de7323409f29a198287f5a1e4a15cd07ac00

    • SHA512

      50a32af8b09fc45bb62c21298d527004350a8746843bce25e04174cf3a4da89a5e0142cb68c2277696b24558dc15e833ed836dd217f574b4a8652242b9da92e9

    • SSDEEP

      768:uNyFa59wp6bs++1xqjENnqgVDTDcFCA+0yF65rVifnbcuyD7Uiyqu:ug05qMbsX4qnz1t0Ifnouy8Zqu

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (180873) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v6

Tasks