mirai | bbb89a38aa340a701ce8bfbf52005710e5b0d12b4fb3528b27f70889d1fe2ede | Triage

Sharing

General

Target

ac93cfbd088b6d98146172ab95767fe0
Size

111KB
Sample

231220-ntbt4shfh6
MD5

ac93cfbd088b6d98146172ab95767fe0
SHA1

5e592aa604f1d3433f46083ff2c889e0baf32acb
SHA256

bbb89a38aa340a701ce8bfbf52005710e5b0d12b4fb3528b27f70889d1fe2ede
SHA512

1515612fa0cdea89db73a6609544b64ce2f4652dca0c31b40d65832622aa044e3f8dbf1df0f15249d274738a27491c5891b53fee1c3b61953574ce1f8fb811de
SSDEEP

3072:hJza3vZhQ/R9UA7hAt8vfsmXiXa+kEYM/9Tgxr:hJza3vkJ7hAt8vUm6a+k3M/9kxr

Score

10^/10

mirai larry discovery

Malware Config

Extracted

Family

mirai

Botnet

LARRY

C2

cnc.junoland.xyz

scan.junoland.xyz

Targets

- Target
  
  ac93cfbd088b6d98146172ab95767fe0
- Size
  
  111KB
- MD5
  
  ac93cfbd088b6d98146172ab95767fe0
- SHA1
  
  5e592aa604f1d3433f46083ff2c889e0baf32acb
- SHA256
  
  bbb89a38aa340a701ce8bfbf52005710e5b0d12b4fb3528b27f70889d1fe2ede
- SHA512
  
  1515612fa0cdea89db73a6609544b64ce2f4652dca0c31b40d65832622aa044e3f8dbf1df0f15249d274738a27491c5891b53fee1c3b61953574ce1f8fb811de
- SSDEEP
  
  3072:hJza3vZhQ/R9UA7hAt8vfsmXiXa+kEYM/9Tgxr:hJza3vkJ7hAt8vUm6a+k3M/9kxr
Score

9^/10

discovery
- Contacts a large (76013) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1