mirai | aff3faa47c356b0f6e5af84e16fa54c21e6d45b7170134ccd252328002551cf7 | Triage

Sharing

General

Target

78253e96ebfe4e9e8db74c68e3b1b082
Size

29KB
Sample

231220-bnwwwaeaek
MD5

78253e96ebfe4e9e8db74c68e3b1b082
SHA1

1c273463c9577e9264397b08f5b7e8367abf48fa
SHA256

aff3faa47c356b0f6e5af84e16fa54c21e6d45b7170134ccd252328002551cf7
SHA512

0dbc15da2a441c5634e3c8ea011af336a74d7b0b0165ecc0571ef55df84196f9930a45079467a7badee8a5241e17453dca1b4f98442a659597295ad734b3a6b1
SSDEEP

384:cDsXRFF282R4Gs0kp3OjUjidRedJFzac+FR+DuuI855C5WkXRBLeiFQv9WaA8w3z:cD4n2R4Gs0kp3acFekw35vSiFM9DQk

Score

10^/10

mirai discovery linux

Malware Config

Targets

- Target
  
  78253e96ebfe4e9e8db74c68e3b1b082
- Size
  
  29KB
- MD5
  
  78253e96ebfe4e9e8db74c68e3b1b082
- SHA1
  
  1c273463c9577e9264397b08f5b7e8367abf48fa
- SHA256
  
  aff3faa47c356b0f6e5af84e16fa54c21e6d45b7170134ccd252328002551cf7
- SHA512
  
  0dbc15da2a441c5634e3c8ea011af336a74d7b0b0165ecc0571ef55df84196f9930a45079467a7badee8a5241e17453dca1b4f98442a659597295ad734b3a6b1
- SSDEEP
  
  384:cDsXRFF282R4Gs0kp3OjUjidRedJFzac+FR+DuuI855C5WkXRBLeiFQv9WaA8w3z:cD4n2R4Gs0kp3acFekw35vSiFM9DQk
Score

9^/10

discovery
- Contacts a large (23673) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1