mirai | f779bebea0e26251391da4bc69e44717b1237d7ef5d58cfb6017649309fa421e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bin.mpsl
Size

104KB
Sample

230816-n1h7rscd4v
MD5

6899faba2071f3fad6df400a8de974a7
SHA1

d71ebbd254271e85fbc35e03d9293b193188cb61
SHA256

f779bebea0e26251391da4bc69e44717b1237d7ef5d58cfb6017649309fa421e
SHA512

b1b79756486b25eb97dd13354db4dd694bb9906ced1ad659e3b24fb7e234312bbba7966be2aaa4f66e3169be02b354de5fc045720e498d3a878ecaafd3c7f1ef
SSDEEP

1536:m+e/hS++FH7CDhvGNutNjkNTbdSAHSHCtL2sfstiiRZy0AR16oI6a10mEgW:m+e/hZYHGFttNjWTttfstiiR6iYgW

Score

10^/10

mirai demons

Malware Config

Extracted

Family

mirai

Botnet

DEMONS

Targets

- Target
  
  bin.mpsl
- Size
  
  104KB
- MD5
  
  6899faba2071f3fad6df400a8de974a7
- SHA1
  
  d71ebbd254271e85fbc35e03d9293b193188cb61
- SHA256
  
  f779bebea0e26251391da4bc69e44717b1237d7ef5d58cfb6017649309fa421e
- SHA512
  
  b1b79756486b25eb97dd13354db4dd694bb9906ced1ad659e3b24fb7e234312bbba7966be2aaa4f66e3169be02b354de5fc045720e498d3a878ecaafd3c7f1ef
- SSDEEP
  
  1536:m+e/hS++FH7CDhvGNutNjkNTbdSAHSHCtL2sfstiiRZy0AR16oI6a10mEgW:m+e/hZYHGFttNjWTttfstiiR6iYgW
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1