mirai | b2322b23cc73d9d6c7030648135b37d9990ab5911e013c3bb5567f3170c32301 | Triage

Sharing

General

Target

a2eab9c1c6ab993a9a2e5c6fb4b5d4f7
Size

104KB
Sample

231220-mgf3madcf5
MD5

a2eab9c1c6ab993a9a2e5c6fb4b5d4f7
SHA1

aa2135eb5a2a2d1b7bf32c9d66101edc9ae453c7
SHA256

b2322b23cc73d9d6c7030648135b37d9990ab5911e013c3bb5567f3170c32301
SHA512

6e80d61ed57c813ee3b902a8638225a43783a7b527fe6d53b0182e8059ba312dcca27d7c16d3682299521e8383813014620f268bc41c8552217afeb8f3579369
SSDEEP

3072:5GgscMcGQLXfUZIEyE85hw7wWzbljPM/9xVN8:5GgsSGQQZIEyE8rwxzbl7M/9xD8

Score

10^/10

mirai larry discovery

Malware Config

Extracted

Family

mirai

Botnet

LARRY

C2

cnc.junoland.xyz

scan.junoland.xyz

Targets

- Target
  
  a2eab9c1c6ab993a9a2e5c6fb4b5d4f7
- Size
  
  104KB
- MD5
  
  a2eab9c1c6ab993a9a2e5c6fb4b5d4f7
- SHA1
  
  aa2135eb5a2a2d1b7bf32c9d66101edc9ae453c7
- SHA256
  
  b2322b23cc73d9d6c7030648135b37d9990ab5911e013c3bb5567f3170c32301
- SHA512
  
  6e80d61ed57c813ee3b902a8638225a43783a7b527fe6d53b0182e8059ba312dcca27d7c16d3682299521e8383813014620f268bc41c8552217afeb8f3579369
- SSDEEP
  
  3072:5GgscMcGQLXfUZIEyE85hw7wWzbljPM/9xVN8:5GgsSGQQZIEyE8rwxzbl7M/9xD8
Score

9^/10

discovery
- Contacts a large (53614) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1