mirai | 121b042e52638f6446e52c105ca2a88e4d25dbc8095ac9e2f91508864b1e9e34 | Triage

Sharing

General

Target

9853ff4a985a9c4d6bbb4ecf9d139168
Size

74KB
Sample

231220-kssjpagec4
MD5

9853ff4a985a9c4d6bbb4ecf9d139168
SHA1

b379fffc237688f50e84c07ba3d4ead670bf7b5f
SHA256

121b042e52638f6446e52c105ca2a88e4d25dbc8095ac9e2f91508864b1e9e34
SHA512

00e54612a460826d29d407da6f2443da9bfaaab34f9eda7b2929b188525f1c1e9bef15504ad37dbac2a03203d289b18478623a42ddd755a92aff01e1b3eb8bcf
SSDEEP

768:gafFcHutXTWMwy23T0DIdQeZvTiVTR5stk5AheoeLDe7k7NRjp9XiTkbfZIfP:gwFOutX9wyYADRt8kIx6Dwkxdp7f

Score

10^/10

mirai horizon discovery

Malware Config

Extracted

Family

mirai

Botnet

HORIZON

Targets

- Target
  
  9853ff4a985a9c4d6bbb4ecf9d139168
- Size
  
  74KB
- MD5
  
  9853ff4a985a9c4d6bbb4ecf9d139168
- SHA1
  
  b379fffc237688f50e84c07ba3d4ead670bf7b5f
- SHA256
  
  121b042e52638f6446e52c105ca2a88e4d25dbc8095ac9e2f91508864b1e9e34
- SHA512
  
  00e54612a460826d29d407da6f2443da9bfaaab34f9eda7b2929b188525f1c1e9bef15504ad37dbac2a03203d289b18478623a42ddd755a92aff01e1b3eb8bcf
- SSDEEP
  
  768:gafFcHutXTWMwy23T0DIdQeZvTiVTR5stk5AheoeLDe7k7NRjp9XiTkbfZIfP:gwFOutX9wyYADRt8kIx6Dwkxdp7f
Score

9^/10

discovery
- Contacts a large (58000) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1