mirai | 72bb27733964352bbc502f5f59f0e3af5ada55a2faa4be1eb45ee4c057e6bd00 | Triage

Sharing

General

Target

a57272b705b11bf0eadf67c949da346f
Size

78KB
Sample

231220-msyf2sbbdr
MD5

a57272b705b11bf0eadf67c949da346f
SHA1

3649d3157e3f590c9bcee48d8fd57d4cd1f8fdc8
SHA256

72bb27733964352bbc502f5f59f0e3af5ada55a2faa4be1eb45ee4c057e6bd00
SHA512

a88b4d3b5d5fd97779be8fcb241a42e82736a16347198213846f285741accbb3dfa726facbae11c615bc756c51b1cb5e13f97f19d6f3c8385fb5a8bfdf532703
SSDEEP

1536:h8lSsCpWC44E8t45I/b3zz1TT5ChADpnYspa/ieeC2qdS2qEHHEGyxRnr:h8ss784Mnx1aADpnYb/ieeC2aq3

Score

10^/10

mirai bot discovery

Malware Config

Extracted

Family

mirai

Botnet

BOT

C2

ch.silynigr.xyz

horse.silynigr.xyz

Targets

- Target
  
  a57272b705b11bf0eadf67c949da346f
- Size
  
  78KB
- MD5
  
  a57272b705b11bf0eadf67c949da346f
- SHA1
  
  3649d3157e3f590c9bcee48d8fd57d4cd1f8fdc8
- SHA256
  
  72bb27733964352bbc502f5f59f0e3af5ada55a2faa4be1eb45ee4c057e6bd00
- SHA512
  
  a88b4d3b5d5fd97779be8fcb241a42e82736a16347198213846f285741accbb3dfa726facbae11c615bc756c51b1cb5e13f97f19d6f3c8385fb5a8bfdf532703
- SSDEEP
  
  1536:h8lSsCpWC44E8t45I/b3zz1TT5ChADpnYspa/ieeC2qdS2qEHHEGyxRnr:h8ss784Mnx1aADpnYb/ieeC2aq3
Score

9^/10

discovery
- Contacts a large (286581) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1