mirai | b78ea5b397495b2a255fa725bf97833a27fcbbb45920cc8d75d1800a5ed418cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7e7e353e4c34f3e058329a438daa884b
Size

50KB
Sample

231220-c98cgahaan
MD5

7e7e353e4c34f3e058329a438daa884b
SHA1

5012b310f20b63f7089c2e4ae3f41392df984b06
SHA256

b78ea5b397495b2a255fa725bf97833a27fcbbb45920cc8d75d1800a5ed418cc
SHA512

a9e19774e6ab9a23b122aba258272a8f51ebc377aa58b93613163a429e979534ff5cb175571ffd4c1d27148d9a8cc31776f25c804605698de626c8014dc9cfcc
SSDEEP

768:By52wiEqMMtMlLWo4OIIZwNV1YeTNtLpaL9m2oSQxPnPkEM3ITOVUL3:BoAMVLWomIZwzZJ+k3SMfPLM3IiV83

Score

10^/10

mirai apep discovery linux

Malware Config

Extracted

Family

mirai

Botnet

APEP

Targets

- Target
  
  7e7e353e4c34f3e058329a438daa884b
- Size
  
  50KB
- MD5
  
  7e7e353e4c34f3e058329a438daa884b
- SHA1
  
  5012b310f20b63f7089c2e4ae3f41392df984b06
- SHA256
  
  b78ea5b397495b2a255fa725bf97833a27fcbbb45920cc8d75d1800a5ed418cc
- SHA512
  
  a9e19774e6ab9a23b122aba258272a8f51ebc377aa58b93613163a429e979534ff5cb175571ffd4c1d27148d9a8cc31776f25c804605698de626c8014dc9cfcc
- SSDEEP
  
  768:By52wiEqMMtMlLWo4OIIZwNV1YeTNtLpaL9m2oSQxPnPkEM3ITOVUL3:BoAMVLWomIZwzZJ+k3SMfPLM3IiV83
Score

9^/10

discovery
- Contacts a large (197151) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1