mirai | 32c709d94cbcc65c9e736d586c0152b40ac04cf8e940f8809306c37028fa2547 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76f0f3db59a07b7b09f5768c670e7178
Size

35KB
Sample

231220-bbm37sgch4
MD5

76f0f3db59a07b7b09f5768c670e7178
SHA1

f04c5e739b06db25c200c363f70646e568184a6f
SHA256

32c709d94cbcc65c9e736d586c0152b40ac04cf8e940f8809306c37028fa2547
SHA512

73cb6a582ec61e00c7564dd01befe59e951aa057f7f77f1dc91fbeb584b5fb20628bc351d0089ec0e4e74abe0aab25271dd7f07e8ccae5591a5e44724c4f4d50
SSDEEP

768:XUA/wCX5L+JdKEFHKCPUSgIPPMMqEzvW0jruejyznvCvoOD3pfJgGlzDp6YsY:DICpL+zHFH5USgbjI+ErdQCvh3nVYYL

Score

10^/10

mirai itsu botnet

Malware Config

Extracted

Family

mirai

Botnet

ITSU

Targets

- Target
  
  76f0f3db59a07b7b09f5768c670e7178
- Size
  
  35KB
- MD5
  
  76f0f3db59a07b7b09f5768c670e7178
- SHA1
  
  f04c5e739b06db25c200c363f70646e568184a6f
- SHA256
  
  32c709d94cbcc65c9e736d586c0152b40ac04cf8e940f8809306c37028fa2547
- SHA512
  
  73cb6a582ec61e00c7564dd01befe59e951aa057f7f77f1dc91fbeb584b5fb20628bc351d0089ec0e4e74abe0aab25271dd7f07e8ccae5591a5e44724c4f4d50
- SSDEEP
  
  768:XUA/wCX5L+JdKEFHKCPUSgIPPMMqEzvW0jruejyznvCvoOD3pfJgGlzDp6YsY:DICpL+zHFH5USgbjI+ErdQCvh3nVYYL
Score

10^/10

mirai itsu botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiitsubotnet