mirai | ae5dfd046a1caf394990dedd919fc8dd85368080a92ef5b981ef3500df94254a | Triage

Sharing

General

Target

8d992b35aaa9d1ab212314b133179ed1
Size

54KB
Sample

231220-hqn3dabgf5
MD5

8d992b35aaa9d1ab212314b133179ed1
SHA1

b2f7c0510eea82d59482c6ad945e4cad27a9c8bb
SHA256

ae5dfd046a1caf394990dedd919fc8dd85368080a92ef5b981ef3500df94254a
SHA512

9ec10eb01da5dd24fc8093db8a018ff26c3a3dc48bd986ec2c3233989d34448753bdecc81e81500a3ee67fff3d3f862c47de5c0b525a677845aeb39703cfb84d
SSDEEP

1536:jw7AeMYn/OY8R3bW/gbDF5+dKOTwTlIOJ+FbnrURYf:jkAeMYeR3bssDFgdKDTnoBCYf

Score

10^/10

mirai larry discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LARRY

C2

cnc.junoland.xyz

scan.junoland.xyz

Targets

- Target
  
  8d992b35aaa9d1ab212314b133179ed1
- Size
  
  54KB
- MD5
  
  8d992b35aaa9d1ab212314b133179ed1
- SHA1
  
  b2f7c0510eea82d59482c6ad945e4cad27a9c8bb
- SHA256
  
  ae5dfd046a1caf394990dedd919fc8dd85368080a92ef5b981ef3500df94254a
- SHA512
  
  9ec10eb01da5dd24fc8093db8a018ff26c3a3dc48bd986ec2c3233989d34448753bdecc81e81500a3ee67fff3d3f862c47de5c0b525a677845aeb39703cfb84d
- SSDEEP
  
  1536:jw7AeMYn/OY8R3bW/gbDF5+dKOTwTlIOJ+FbnrURYf:jkAeMYeR3bssDFgdKDTnoBCYf
Score

9^/10

discovery
- Contacts a large (2733) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1