mirai | f61003a4c01aea7e4ac7ce2908e65aab6eac81e6d6396631e98e91a614b9df36 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

207ccca7c50975e17da270c8a44da655
Size

94KB
Sample

231219-2mybesfad4
MD5

207ccca7c50975e17da270c8a44da655
SHA1

d305b0291768dd9ce0f8716217e6da48fc3e09b3
SHA256

f61003a4c01aea7e4ac7ce2908e65aab6eac81e6d6396631e98e91a614b9df36
SHA512

02f24236b5fdc422fcf3cb304485a8b6589113adadf51dea69d385e071998ded0c919b9a13b30422fccbe93f096c5dad7fb39f7c78fbb66893dc228de0777e61
SSDEEP

1536:GlxxGEiqhePt57VfXCCihdhCDdTumOeDZn0oHgvJ+6rB:GjLiqhOSxPcTJOGjqJ9

Score

10^/10

mirai

Malware Config

Targets

- Target
  
  207ccca7c50975e17da270c8a44da655
- Size
  
  94KB
- MD5
  
  207ccca7c50975e17da270c8a44da655
- SHA1
  
  d305b0291768dd9ce0f8716217e6da48fc3e09b3
- SHA256
  
  f61003a4c01aea7e4ac7ce2908e65aab6eac81e6d6396631e98e91a614b9df36
- SHA512
  
  02f24236b5fdc422fcf3cb304485a8b6589113adadf51dea69d385e071998ded0c919b9a13b30422fccbe93f096c5dad7fb39f7c78fbb66893dc228de0777e61
- SSDEEP
  
  1536:GlxxGEiqhePt57VfXCCihdhCDdTumOeDZn0oHgvJ+6rB:GjLiqhOSxPcTJOGjqJ9
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1