mirai | fd97f272231675a302ef31c32e05e809ae4952a067fa9e8f6ae9a8fcde120e5e | Triage

Sharing

General

Target

RpcSecurity
Size

114KB
Sample

231122-2z1x3sfa63
MD5

628c01a028395bfb04ae79fa35b0005d
SHA1

ac213217341bd3e8da0a238c018a10ead4823500
SHA256

fd97f272231675a302ef31c32e05e809ae4952a067fa9e8f6ae9a8fcde120e5e
SHA512

4deef01ba8ced29cac2087793d6ddd54b0b33be6493e29205d2166c24d4e1ac1399524dce063acc41a9d18396be80cf2769414ab44e4666c16746ae1c8d511d8
SSDEEP

3072:8SezDjMDO2UEcFuEFrJZovEWtpA8eTTn7hw:gzXPJ+DQnh

Score

10^/10

mirai demons discovery

Malware Config

Extracted

Family

mirai

Botnet

DEMONS

Targets

- Target
  
  RpcSecurity
- Size
  
  114KB
- MD5
  
  628c01a028395bfb04ae79fa35b0005d
- SHA1
  
  ac213217341bd3e8da0a238c018a10ead4823500
- SHA256
  
  fd97f272231675a302ef31c32e05e809ae4952a067fa9e8f6ae9a8fcde120e5e
- SHA512
  
  4deef01ba8ced29cac2087793d6ddd54b0b33be6493e29205d2166c24d4e1ac1399524dce063acc41a9d18396be80cf2769414ab44e4666c16746ae1c8d511d8
- SSDEEP
  
  3072:8SezDjMDO2UEcFuEFrJZovEWtpA8eTTn7hw:gzXPJ+DQnh
Score

9^/10

discovery
- Contacts a large (285647) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1