mirai | 86c6745ba9d80b92842d28eb03b46d5fae0e58a94528ba5b24b0501a3fdee14a | Triage

Sharing

General

Target

6784c4fed3847b864eda8bef2ebe49b3
Size

32KB
Sample

231219-3fz24saee2
MD5

6784c4fed3847b864eda8bef2ebe49b3
SHA1

f0052295057f75d43dc48b4f1f7ae4f49a95ce73
SHA256

86c6745ba9d80b92842d28eb03b46d5fae0e58a94528ba5b24b0501a3fdee14a
SHA512

b2e51a55a71c35ed18663954eb951fec7c59062bea6e21b22173a4a15b79a7367c95cdd300ec3eb90e7f1b23ad9d979a6991994ff1b9daef88a1361713c6a27a
SSDEEP

768:2XuOLbv6nyoCYRtP7Fomc4GPx6PrU9Pht1D9TMhqDwPGbHs8Oe:lO3v6yoCYDP7w48xSrU9pt7whes8O

Score

10^/10

mirai larry discovery

Malware Config

Extracted

Family

mirai

Botnet

LARRY

C2

cnc.junoland.xyz

scan.junoland.xyz

Targets

- Target
  
  6784c4fed3847b864eda8bef2ebe49b3
- Size
  
  32KB
- MD5
  
  6784c4fed3847b864eda8bef2ebe49b3
- SHA1
  
  f0052295057f75d43dc48b4f1f7ae4f49a95ce73
- SHA256
  
  86c6745ba9d80b92842d28eb03b46d5fae0e58a94528ba5b24b0501a3fdee14a
- SHA512
  
  b2e51a55a71c35ed18663954eb951fec7c59062bea6e21b22173a4a15b79a7367c95cdd300ec3eb90e7f1b23ad9d979a6991994ff1b9daef88a1361713c6a27a
- SSDEEP
  
  768:2XuOLbv6nyoCYRtP7Fomc4GPx6PrU9Pht1D9TMhqDwPGbHs8Oe:lO3v6yoCYDP7w48xSrU9pt7whes8O
Score

9^/10

discovery
- Contacts a large (53975) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1