Overview

overview

10

Static

static

10

91854a1759...3d40a0

ubuntu-18.04-amd64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    91854a17591ee72c2c954f02283d40a0

  • Size

    57KB

  • Sample

    231220-jtkd2adfd4

  • MD5

    91854a17591ee72c2c954f02283d40a0

  • SHA1

    c03353fa4e801d24feb7143afbcf1f2be32a7289

  • SHA256

    670257e0204106dd948b20500ee3000f324f8550a99e19e9fd28b5613355d25b

  • SHA512

    f36ec75c90581f36a8805d02b510769a8715897835b2c18b883fdbacd639ede77370b68ecaf4a0149932184dc11a002c69d36b4735e94d31dd08e74319cb8c57

  • SSDEEP

    1536:0A0PisFrZ3W5XPynSszIV8LIB/yizMSe:30aurZs+Ssz1LIB/yEMSe

Score
10/10
miraibotdiscoverylinux

Malware Config

Extracted

Family

mirai

Botnet

BOT

Targets

    • Target

      91854a17591ee72c2c954f02283d40a0

    • Size

      57KB

    • MD5

      91854a17591ee72c2c954f02283d40a0

    • SHA1

      c03353fa4e801d24feb7143afbcf1f2be32a7289

    • SHA256

      670257e0204106dd948b20500ee3000f324f8550a99e19e9fd28b5613355d25b

    • SHA512

      f36ec75c90581f36a8805d02b510769a8715897835b2c18b883fdbacd639ede77370b68ecaf4a0149932184dc11a002c69d36b4735e94d31dd08e74319cb8c57

    • SSDEEP

      1536:0A0PisFrZ3W5XPynSszIV8LIB/yizMSe:30aurZs+Ssz1LIB/yEMSe

    Score
    9/10
    discovery

    • Contacts a large (1597035) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Network Service Discovery

2
T1046

System Network Connections Discovery

1
T1049

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks