mirai | d2273a286759a17286de75bd0235238db7f711af5f132ecbb700b1a2249ec9c9 | Triage

Sharing

General

Target

c455f0818e4ffc378029a45231e9d0f2
Size

133KB
Sample

231220-rltxhabhg7
MD5

c455f0818e4ffc378029a45231e9d0f2
SHA1

37fff3835a4c7a6fac53e3594251f14b5615e0ea
SHA256

d2273a286759a17286de75bd0235238db7f711af5f132ecbb700b1a2249ec9c9
SHA512

23057532a78ac8d05c291b0c5f789afb46e9cdc659cda343b9628e0d3948d01e9d15a158e6b0d21c55711860c735c9ebf1882fb18538aedb704d549902073412
SSDEEP

3072:cPMO4qHM2/Sm3Dbtqt2Lhpf+/vq9pS+r/IM/9KM+:IMO4qQmvtE2Lhpf+3qa+rwM/9P+

Score

10^/10

mirai bot discovery

Malware Config

Extracted

Family

mirai

Botnet

BOT

Targets

- Target
  
  c455f0818e4ffc378029a45231e9d0f2
- Size
  
  133KB
- MD5
  
  c455f0818e4ffc378029a45231e9d0f2
- SHA1
  
  37fff3835a4c7a6fac53e3594251f14b5615e0ea
- SHA256
  
  d2273a286759a17286de75bd0235238db7f711af5f132ecbb700b1a2249ec9c9
- SHA512
  
  23057532a78ac8d05c291b0c5f789afb46e9cdc659cda343b9628e0d3948d01e9d15a158e6b0d21c55711860c735c9ebf1882fb18538aedb704d549902073412
- SSDEEP
  
  3072:cPMO4qHM2/Sm3Dbtqt2Lhpf+/vq9pS+r/IM/9KM+:IMO4qQmvtE2Lhpf+3qa+rwM/9P+
Score

9^/10

discovery
- Contacts a large (376928) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1