mirai | cc7cb1e7650f16d243ad89710eb736896a2bd03f160fbdc6d76e12901121da75 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05c39125c3e69376392ee08cb7a9bb39
Size

112KB
Sample

231219-2bhftsaea3
MD5

05c39125c3e69376392ee08cb7a9bb39
SHA1

0d93c43795db9a9e74e52c0b8d3cefd015f225a0
SHA256

cc7cb1e7650f16d243ad89710eb736896a2bd03f160fbdc6d76e12901121da75
SHA512

091c5b37f73c5211240e86845579c512d3cb08692756439154ad37515e69c3c1b8c002d6bae3d33a77b16570913e5c42a49a70a4c63372f5cbec919ebb3afd7c
SSDEEP

3072:KQm/1zF5e+XbZAIQnZJc+d+nYrFM/9OG2T8:dm/1zy+XbZAIyZRd+YJM/972T8

Score

10^/10

mirai horizon discovery

Malware Config

Extracted

Family

mirai

Botnet

HORIZON

Targets

- Target
  
  05c39125c3e69376392ee08cb7a9bb39
- Size
  
  112KB
- MD5
  
  05c39125c3e69376392ee08cb7a9bb39
- SHA1
  
  0d93c43795db9a9e74e52c0b8d3cefd015f225a0
- SHA256
  
  cc7cb1e7650f16d243ad89710eb736896a2bd03f160fbdc6d76e12901121da75
- SHA512
  
  091c5b37f73c5211240e86845579c512d3cb08692756439154ad37515e69c3c1b8c002d6bae3d33a77b16570913e5c42a49a70a4c63372f5cbec919ebb3afd7c
- SSDEEP
  
  3072:KQm/1zF5e+XbZAIQnZJc+d+nYrFM/9OG2T8:dm/1zy+XbZAIyZRd+YJM/972T8
Score

9^/10

discovery
- Contacts a large (152492) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1