mirai | 3d21d7394efa3c5c2a7237ad71237b5e250fdb6207af72f7838480daeb3dc4c5 | Triage

Submit
Reports

Overview

overview

Static

static

7

13c2d6232e...007eaf

debian-9-armhf

Sharing

Copy URL Twitter E-mail

General

Target

13c2d6232e9f0f3468329abb6b007eaf
Size

29KB
Sample

231219-2gzx3ahfaq
MD5

13c2d6232e9f0f3468329abb6b007eaf
SHA1

bd9603b342a6f8634d74eb2f4bcb660af670867a
SHA256

3d21d7394efa3c5c2a7237ad71237b5e250fdb6207af72f7838480daeb3dc4c5
SHA512

8fa2e91e0af5c43c6acf5b6294c8d6d17b458e04035cdca9940edae59759bd5a234e398b170fe8f701486d996cc2d9fd3a0d1e8b309e11538b8933b420e7a849
SSDEEP

768:TFoxdX+IoMKVUfzaP1urxI1jNi0KtQTUJOFeZs3UozY:TF2+IoXVeNI1E0KNJO5zY

Score

10^/10

mirai unst botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

13c2d6232e9f0f3468329abb6b007eaf

Resource

debian9-armhf-20231215-en

mirai unst botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

- Target
  
  13c2d6232e9f0f3468329abb6b007eaf
- Size
  
  29KB
- MD5
  
  13c2d6232e9f0f3468329abb6b007eaf
- SHA1
  
  bd9603b342a6f8634d74eb2f4bcb660af670867a
- SHA256
  
  3d21d7394efa3c5c2a7237ad71237b5e250fdb6207af72f7838480daeb3dc4c5
- SHA512
  
  8fa2e91e0af5c43c6acf5b6294c8d6d17b458e04035cdca9940edae59759bd5a234e398b170fe8f701486d996cc2d9fd3a0d1e8b309e11538b8933b420e7a849
- SSDEEP
  
  768:TFoxdX+IoMKVUfzaP1urxI1jNi0KtQTUJOFeZs3UozY:TF2+IoXVeNI1E0KNJO5zY
Score

10^/10

mirai unst botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20594) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstbotnetdiscovery

© 2018-2025

Terms | Privacy