mirai | d44ec3b18b13761a629d1b21e0ee694c9145ff080a483809708adfda3b2506bc | Triage

Sharing

General

Target

2b3890f6e22aa66490e711a86f1a1aa4
Size

133KB
Sample

231219-2rwcmadddq
MD5

2b3890f6e22aa66490e711a86f1a1aa4
SHA1

7fcb8e217129639918c9c7e34b1c68eb1e6f7bc7
SHA256

d44ec3b18b13761a629d1b21e0ee694c9145ff080a483809708adfda3b2506bc
SHA512

de443f1b429b0e4cf0747b1ae3546b09bf9e8cc12aeaceb7fffdc6e26d6da78cdbf81ab77f24ce3a9f14d4ef470216b9d72552b646d29fe35c14d3f98d7d9995
SSDEEP

3072:He+84qQM21xxbDlXqt2Lhpf+fvq99D+b/QM/9m7+:++84qEPXE2Lhpf+Xqn+boM/9E+

Score

10^/10

mirai bot discovery

Malware Config

Extracted

Family

mirai

Botnet

BOT

Targets

- Target
  
  2b3890f6e22aa66490e711a86f1a1aa4
- Size
  
  133KB
- MD5
  
  2b3890f6e22aa66490e711a86f1a1aa4
- SHA1
  
  7fcb8e217129639918c9c7e34b1c68eb1e6f7bc7
- SHA256
  
  d44ec3b18b13761a629d1b21e0ee694c9145ff080a483809708adfda3b2506bc
- SHA512
  
  de443f1b429b0e4cf0747b1ae3546b09bf9e8cc12aeaceb7fffdc6e26d6da78cdbf81ab77f24ce3a9f14d4ef470216b9d72552b646d29fe35c14d3f98d7d9995
- SSDEEP
  
  3072:He+84qQM21xxbDlXqt2Lhpf+fvq99D+b/QM/9m7+:++84qEPXE2Lhpf+Xqn+boM/9E+
Score

9^/10

discovery
- Contacts a large (384506) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1