mirai | 4b73ff46a23d44a062bb9b665d1c53fdb65c9bb314b3c3afc3707d548fc21661 | Triage

Sharing

General

Target

c515be3733d30b4cf00ffbf6a6adf636
Size

63KB
Sample

231220-rne65acec6
MD5

c515be3733d30b4cf00ffbf6a6adf636
SHA1

ea3c29f2e0ed4198f6765c8433257c5bdb6a80f7
SHA256

4b73ff46a23d44a062bb9b665d1c53fdb65c9bb314b3c3afc3707d548fc21661
SHA512

d42a8bc1e32d98818847c0a8a773dcc9ed83ce572d1f7e2b4c53d6e8cff99a8f070e91af5fcf8205310a70af706a8a941d3d67413cea34dd14611948eaca0863
SSDEEP

1536:IvIvW1kAd/8oVfe+aoIKl408epTRpYmNWaxEVnL03XSw23vH7s8h:IvBeBKe1CNpY+xEqH7yV

Score

10^/10

mirai larry discovery

Malware Config

Extracted

Family

mirai

Botnet

LARRY

C2

cnc.junoland.xyz

scan.junoland.xyz

Targets

- Target
  
  c515be3733d30b4cf00ffbf6a6adf636
- Size
  
  63KB
- MD5
  
  c515be3733d30b4cf00ffbf6a6adf636
- SHA1
  
  ea3c29f2e0ed4198f6765c8433257c5bdb6a80f7
- SHA256
  
  4b73ff46a23d44a062bb9b665d1c53fdb65c9bb314b3c3afc3707d548fc21661
- SHA512
  
  d42a8bc1e32d98818847c0a8a773dcc9ed83ce572d1f7e2b4c53d6e8cff99a8f070e91af5fcf8205310a70af706a8a941d3d67413cea34dd14611948eaca0863
- SSDEEP
  
  1536:IvIvW1kAd/8oVfe+aoIKl408epTRpYmNWaxEVnL03XSw23vH7s8h:IvBeBKe1CNpY+xEqH7yV
Score

9^/10

discovery
- Contacts a large (234573) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1