mirai | 45c93d2d393a625a7f0802fd0a9b925de683aab9b632dfd2ce90716cd1e26da1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

a47bbd5508...ab494d

debian-9-armhf

Sharing

General

Target

a47bbd550841be1a1641820d6eab494d
Size

52KB
Sample

231220-mmv4qsafaj
MD5

a47bbd550841be1a1641820d6eab494d
SHA1

ddf806ebc9b7a54dd11170838b8d0d4d34194654
SHA256

45c93d2d393a625a7f0802fd0a9b925de683aab9b632dfd2ce90716cd1e26da1
SHA512

9bd9557040c58312250bd7ecc77609803e9d2578f3fb8fc35d72daf734545c753a20822717246c9758ba060136c6c42f70bae24be6f95ccd2f24bf231cca592a
SSDEEP

1536:XVBCnVHnld0RYdRtbi/Sliu4LEan7wM3LO8:by9n8YdTi/XLP7/LP

Score

10^/10

mirai mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a47bbd550841be1a1641820d6eab494d

Resource

debian9-armhf-20231215-en

mirai mirai botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  a47bbd550841be1a1641820d6eab494d
- Size
  
  52KB
- MD5
  
  a47bbd550841be1a1641820d6eab494d
- SHA1
  
  ddf806ebc9b7a54dd11170838b8d0d4d34194654
- SHA256
  
  45c93d2d393a625a7f0802fd0a9b925de683aab9b632dfd2ce90716cd1e26da1
- SHA512
  
  9bd9557040c58312250bd7ecc77609803e9d2578f3fb8fc35d72daf734545c753a20822717246c9758ba060136c6c42f70bae24be6f95ccd2f24bf231cca592a
- SSDEEP
  
  1536:XVBCnVHnld0RYdRtbi/Sliu4LEan7wM3LO8:by9n8YdTi/XLP7/LP
Score

10^/10

mirai mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20283) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetdiscovery

© 2018-2025

Terms | Privacy