mirai | 90b5e729c46a964887ee2995f88c7d5985f010747df90a09a550495a486bc740 | Triage

Sharing

General

Target

4e946e8956924d95d46250d1beac6b53
Size

157KB
Sample

231219-26wxpsbdfl
MD5

4e946e8956924d95d46250d1beac6b53
SHA1

09e4318782e17c3e662817005aec29ed511d1bf1
SHA256

90b5e729c46a964887ee2995f88c7d5985f010747df90a09a550495a486bc740
SHA512

f6295f2a69662ae0c9cb5a70d4037bac7dc078a13d532c3df31d852ef919ac30266db6faab3a4374fcbe2bac9b90e945a68a57c595b0627754578154c9de57ab
SSDEEP

3072:zfm3+bfkM2MFhedk++nLaa8MA8+Vo86Ooa9YEvj+uYM/9yy8j2Yp:Lm3ofJQdYLaa8MA8+Vx6OXvj+FM/9ydn

Score

10^/10

mirai bot discovery

Malware Config

Extracted

Family

mirai

Botnet

BOT

Targets

- Target
  
  4e946e8956924d95d46250d1beac6b53
- Size
  
  157KB
- MD5
  
  4e946e8956924d95d46250d1beac6b53
- SHA1
  
  09e4318782e17c3e662817005aec29ed511d1bf1
- SHA256
  
  90b5e729c46a964887ee2995f88c7d5985f010747df90a09a550495a486bc740
- SHA512
  
  f6295f2a69662ae0c9cb5a70d4037bac7dc078a13d532c3df31d852ef919ac30266db6faab3a4374fcbe2bac9b90e945a68a57c595b0627754578154c9de57ab
- SSDEEP
  
  3072:zfm3+bfkM2MFhedk++nLaa8MA8+Vo86Ooa9YEvj+uYM/9yy8j2Yp:Lm3ofJQdYLaa8MA8+Vx6OXvj+FM/9ydn
Score

9^/10

discovery
- Contacts a large (197206) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1