mirai | 689d845c0b32c2de26763a8483ec10a5e3613a11b5710428f979bb9de5120b96 | Triage

Sharing

General

Target

260f920515c39b6b9aee3ee50ad6c147
Size

57KB
Sample

231219-2py1qscehj
MD5

260f920515c39b6b9aee3ee50ad6c147
SHA1

1fdb9807f5cf9d04175d1af6947a10f9a624a85e
SHA256

689d845c0b32c2de26763a8483ec10a5e3613a11b5710428f979bb9de5120b96
SHA512

a790435278cb13d38f196303478ab1da070632db686f27580e043bdd4bda774898ee725a2f60e53f45707c063016b577b650d797e8e7134c038f6de2ea49e39f
SSDEEP

1536:EShQhsutpeKJ1TCsrlZMrbyBJUfjCg/sShu0asdLJKH:E/hvtpeKJ1TCsrlZMrbyXUf+g/s7075

Score

10^/10

mirai discovery linux

Malware Config

Extracted

Family

mirai

C2

cnc.botnet.agency

Targets

- Target
  
  260f920515c39b6b9aee3ee50ad6c147
- Size
  
  57KB
- MD5
  
  260f920515c39b6b9aee3ee50ad6c147
- SHA1
  
  1fdb9807f5cf9d04175d1af6947a10f9a624a85e
- SHA256
  
  689d845c0b32c2de26763a8483ec10a5e3613a11b5710428f979bb9de5120b96
- SHA512
  
  a790435278cb13d38f196303478ab1da070632db686f27580e043bdd4bda774898ee725a2f60e53f45707c063016b577b650d797e8e7134c038f6de2ea49e39f
- SSDEEP
  
  1536:EShQhsutpeKJ1TCsrlZMrbyBJUfjCg/sShu0asdLJKH:E/hvtpeKJ1TCsrlZMrbyXUf+g/s7075
Score

9^/10

discovery
- Contacts a large (258769) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1