mirai | fb4240171e8e7aac6004cfbeaabf94360779f0c0ca5625fb903c474a384e2f67 | Triage

Sharing

General

Target

b6bf9b176b5638c6b710ef763babc808
Size

54KB
Sample

231220-qeyrfaghg6
MD5

b6bf9b176b5638c6b710ef763babc808
SHA1

dd811eeb9fa4e46afe5e91f9afe7cdeb77aaf8af
SHA256

fb4240171e8e7aac6004cfbeaabf94360779f0c0ca5625fb903c474a384e2f67
SHA512

33d6a11a4dec5d0fa940d2928dedc89ce85f5a2f5789633eb5cd3693ffea888a7a196ecc9d06c2a6a8ffb04b238a9440aac1f7fe831b0dff63c19fa25386aaa4
SSDEEP

1536:7WihQI4yQY3/N5eNIfdcNtQs607AJnS2L4Y4c9C2w:+I4zS/N5eNMdcPY07AA2Lr9

Score

10^/10

mirai bot discovery linux

Malware Config

Extracted

Family

mirai

Botnet

BOT

Targets

- Target
  
  b6bf9b176b5638c6b710ef763babc808
- Size
  
  54KB
- MD5
  
  b6bf9b176b5638c6b710ef763babc808
- SHA1
  
  dd811eeb9fa4e46afe5e91f9afe7cdeb77aaf8af
- SHA256
  
  fb4240171e8e7aac6004cfbeaabf94360779f0c0ca5625fb903c474a384e2f67
- SHA512
  
  33d6a11a4dec5d0fa940d2928dedc89ce85f5a2f5789633eb5cd3693ffea888a7a196ecc9d06c2a6a8ffb04b238a9440aac1f7fe831b0dff63c19fa25386aaa4
- SSDEEP
  
  1536:7WihQI4yQY3/N5eNIfdcNtQs607AJnS2L4Y4c9C2w:+I4zS/N5eNMdcPY07AA2Lr9
Score

9^/10

discovery
- Contacts a large (401897) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1