mirai | 2d74ccb0ea0853e80b11a99c738e32d8a031a161fd73c7ecfd83ef324803f4a1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

9ea571eae4...42e28e

debian-9-mipsel

Sharing

General

Target

9ea571eae4e7531b2d6235bc6342e28e
Size

31KB
Sample

231220-lta7gagcdn
MD5

9ea571eae4e7531b2d6235bc6342e28e
SHA1

2d3e333d8f0beb549784c68c32cdc117e9b67838
SHA256

2d74ccb0ea0853e80b11a99c738e32d8a031a161fd73c7ecfd83ef324803f4a1
SHA512

6de50bbfce843ec44dda4d02087b963c644a51d613f968458c3346e521594c4dde2ea43e08ee00a09b0d59561ffed5c4de690486db372be6439184ae7deb49d7
SSDEEP

384:f6qBpsx9W82ArxSUFkk56WDWJ8opxowbOoN0B4GodzADf1Nul1eWsVDndL9ZRWGv:SqIx9aA9SUsWEpKwKoN0BuMDPySnWa

Score

10^/10

mirai rift botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9ea571eae4e7531b2d6235bc6342e28e

Resource

debian9-mipsel-20231215-en

mirai rift botnet discovery

debian-9-mipsel

10 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

RIFT

Targets

- Target
  
  9ea571eae4e7531b2d6235bc6342e28e
- Size
  
  31KB
- MD5
  
  9ea571eae4e7531b2d6235bc6342e28e
- SHA1
  
  2d3e333d8f0beb549784c68c32cdc117e9b67838
- SHA256
  
  2d74ccb0ea0853e80b11a99c738e32d8a031a161fd73c7ecfd83ef324803f4a1
- SHA512
  
  6de50bbfce843ec44dda4d02087b963c644a51d613f968458c3346e521594c4dde2ea43e08ee00a09b0d59561ffed5c4de690486db372be6439184ae7deb49d7
- SSDEEP
  
  384:f6qBpsx9W82ArxSUFkk56WDWJ8opxowbOoN0B4GodzADf1Nul1eWsVDndL9ZRWGv:SqIx9aA9SUsWEpKwKoN0BuMDPySnWa
Score

10^/10

mirai rift botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (23365) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirairiftbotnetdiscovery

© 2018-2025

Terms | Privacy