mirai | 938be5dd94fa730d57b8bd7a41f07a6b3f8f87704d4c8f2afb35beb92c7a7d13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

653885b23f92a739cb812c4b7457c535
Size

102KB
Sample

231219-3e57qsabd4
MD5

653885b23f92a739cb812c4b7457c535
SHA1

f179f5926d2c3170bfcee7accc96884e66f93875
SHA256

938be5dd94fa730d57b8bd7a41f07a6b3f8f87704d4c8f2afb35beb92c7a7d13
SHA512

fb626c139c294aba69755762656ec6525324af794337ee7f5d8c26e42986020f96cba1fb3c5747aa66f14d34cd7d930f02b53bbb0a794d3e1d59b550f46ed8c5
SSDEEP

1536:0YQRwXjPwz2WYxuV6xw/ZTXn7FP8ZhtkOOB/hYzZ/JRIOsvU4j:0YQRwXjPwz2W9VPBTXbhYzuj

Score

10^/10

mirai chaotic discovery

Malware Config

Extracted

Family

mirai

Botnet

CHAOTIC

Targets

- Target
  
  653885b23f92a739cb812c4b7457c535
- Size
  
  102KB
- MD5
  
  653885b23f92a739cb812c4b7457c535
- SHA1
  
  f179f5926d2c3170bfcee7accc96884e66f93875
- SHA256
  
  938be5dd94fa730d57b8bd7a41f07a6b3f8f87704d4c8f2afb35beb92c7a7d13
- SHA512
  
  fb626c139c294aba69755762656ec6525324af794337ee7f5d8c26e42986020f96cba1fb3c5747aa66f14d34cd7d930f02b53bbb0a794d3e1d59b550f46ed8c5
- SSDEEP
  
  1536:0YQRwXjPwz2WYxuV6xw/ZTXn7FP8ZhtkOOB/hYzZ/JRIOsvU4j:0YQRwXjPwz2W9VPBTXbhYzuj
Score

9^/10

discovery
- Contacts a large (100684) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1