mirai | fea73b668b048d7a6f234c1dd088f09f839abfdc5b5827df613c9d251c55fdcd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a268850e5460af84e021bcd700f2cdb
Size

58KB
Sample

231219-3a37ksddfm
MD5

5a268850e5460af84e021bcd700f2cdb
SHA1

670ef7c592df38aa9506f2f230a6c8e2d2be1973
SHA256

fea73b668b048d7a6f234c1dd088f09f839abfdc5b5827df613c9d251c55fdcd
SHA512

a2acaffc2f0a6087becd58fb0b9137a0eab643d0161399fbaf101b6c528cd64ea34b9914bf45d2afcbe9621c046bf17e2ef93704ddfaf5cb788e1787620ee0e8
SSDEEP

1536:Ig7U31MXnPjU31MXqwLKjd3SP2OdwrTI+ol:b721MX721M6wuB82+0Gl

Score

10^/10

mirai selfrepping discovery

Malware Config

Extracted

Family

mirai

Botnet

SELFREPPING

Targets

- Target
  
  5a268850e5460af84e021bcd700f2cdb
- Size
  
  58KB
- MD5
  
  5a268850e5460af84e021bcd700f2cdb
- SHA1
  
  670ef7c592df38aa9506f2f230a6c8e2d2be1973
- SHA256
  
  fea73b668b048d7a6f234c1dd088f09f839abfdc5b5827df613c9d251c55fdcd
- SHA512
  
  a2acaffc2f0a6087becd58fb0b9137a0eab643d0161399fbaf101b6c528cd64ea34b9914bf45d2afcbe9621c046bf17e2ef93704ddfaf5cb788e1787620ee0e8
- SSDEEP
  
  1536:Ig7U31MXnPjU31MXqwLKjd3SP2OdwrTI+ol:b721MX721M6wuB82+0Gl
Score

9^/10

discovery
- Contacts a large (420535) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

selfreppingmirai

behavioral1