mirai | 6fa0bfd6e9013ea4931b32e6424986b9e773cbb5e80919ffcdc854c46432e0a7 | Triage

Sharing

General

Target

7ed88da0cb36991294e698b97286d87f
Size

50KB
Sample

231220-dcjhhscca4
MD5

7ed88da0cb36991294e698b97286d87f
SHA1

bc670ba182707efb497665e60584cdb5cf28027c
SHA256

6fa0bfd6e9013ea4931b32e6424986b9e773cbb5e80919ffcdc854c46432e0a7
SHA512

9ee672a0bdfb129052083ee55459e46ca1bda82ea2482af3ff8d2023df3ea16297cd9b70d8e81e9902b4b98612113facf9fefd1bda85e8ba8a0569547f16b5a0
SSDEEP

768:I8ErXfmCJOr6C3DXtbOqJy44WZzNDmlekeXPeyMatZ3OpOXiirG0mi8iy:I8C/RCzZD/ANOPBMEZ3OYrIi8J

Score

10^/10

mirai discovery

Malware Config

Targets

- Target
  
  7ed88da0cb36991294e698b97286d87f
- Size
  
  50KB
- MD5
  
  7ed88da0cb36991294e698b97286d87f
- SHA1
  
  bc670ba182707efb497665e60584cdb5cf28027c
- SHA256
  
  6fa0bfd6e9013ea4931b32e6424986b9e773cbb5e80919ffcdc854c46432e0a7
- SHA512
  
  9ee672a0bdfb129052083ee55459e46ca1bda82ea2482af3ff8d2023df3ea16297cd9b70d8e81e9902b4b98612113facf9fefd1bda85e8ba8a0569547f16b5a0
- SSDEEP
  
  768:I8ErXfmCJOr6C3DXtbOqJy44WZzNDmlekeXPeyMatZ3OpOXiirG0mi8iy:I8C/RCzZD/ANOPBMEZ3OYrIi8J
Score

9^/10

discovery
- Contacts a large (63163) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1