mirai | afd0278566518fb3d91fb30efaac89f0712b1ccc4a606834875bd6e2465016a5 | Triage

Submit
Reports

Overview

overview

Static

static

7

1b816a4735...0b8ba5

debian-9-mips

Sharing

General

Target

1b816a4735659651887195c4670b8ba5
Size

29KB
Sample

231219-2kxxwaeah6
MD5

1b816a4735659651887195c4670b8ba5
SHA1

5ed42083835d28c2c345c14cdfc7b88d1a5922cf
SHA256

afd0278566518fb3d91fb30efaac89f0712b1ccc4a606834875bd6e2465016a5
SHA512

2ccc36176c92d75fe30ea3b0f9a52b7c89ac2f4d3bb2c359385aeb2f79ee0c4d73bc8d78623341826e17beea6f95fbfe6b14fb8126483468e93f63d8f809b71f
SSDEEP

768:zHbKO/gkgnb5i/n1EbuA8+4iejlMPnnJOrZGKyXMsO8MbJgGlzDpbuR1Jm:qOjgnb5i/nqbudwnJcQcs5MRVJu8

Score

10^/10

mirai mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b816a4735659651887195c4670b8ba5

Resource

debian9-mipsbe-20231215-en

mirai mirai botnet discovery

debian-9-mips

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  1b816a4735659651887195c4670b8ba5
- Size
  
  29KB
- MD5
  
  1b816a4735659651887195c4670b8ba5
- SHA1
  
  5ed42083835d28c2c345c14cdfc7b88d1a5922cf
- SHA256
  
  afd0278566518fb3d91fb30efaac89f0712b1ccc4a606834875bd6e2465016a5
- SHA512
  
  2ccc36176c92d75fe30ea3b0f9a52b7c89ac2f4d3bb2c359385aeb2f79ee0c4d73bc8d78623341826e17beea6f95fbfe6b14fb8126483468e93f63d8f809b71f
- SSDEEP
  
  768:zHbKO/gkgnb5i/n1EbuA8+4iejlMPnnJOrZGKyXMsO8MbJgGlzDpbuR1Jm:qOjgnb5i/nqbudwnJcQcs5MRVJu8
Score

10^/10

mirai mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (19954) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetdiscovery

© 2018-2025

Terms | Privacy