mirai | 93a38d162963f62c93e3b840ae45a36486284759a50e998cdc581a943bf31c7f | Triage

Sharing

General

Target

dab4dac2b3325edd653ecaa7c50bc878
Size

42KB
Sample

231220-s3jnjaccg4
MD5

dab4dac2b3325edd653ecaa7c50bc878
SHA1

4ddf95808ecf5251664ec60b199fc549a51cf2fc
SHA256

93a38d162963f62c93e3b840ae45a36486284759a50e998cdc581a943bf31c7f
SHA512

09151b0cf74e44bf3a21e3f3b9390c156f00b28ce194111da747197f55fa6b4191267d306184f7c3c857ad4e6b2c95d43c9996aa4adc656fd2c08033ca769c28
SSDEEP

768:2Y1fDD+IgMByk4Rdikux7MUFrkeQPn3XiPhR5gNOZYWqcx6:bfDD+rI4Rdwx5rP4nipRLT7

Score

10^/10

mirai orphic discovery

Malware Config

Extracted

Family

mirai

Botnet

ORPHIC

C2

cnc.isisnet.xyz

Targets

- Target
  
  dab4dac2b3325edd653ecaa7c50bc878
- Size
  
  42KB
- MD5
  
  dab4dac2b3325edd653ecaa7c50bc878
- SHA1
  
  4ddf95808ecf5251664ec60b199fc549a51cf2fc
- SHA256
  
  93a38d162963f62c93e3b840ae45a36486284759a50e998cdc581a943bf31c7f
- SHA512
  
  09151b0cf74e44bf3a21e3f3b9390c156f00b28ce194111da747197f55fa6b4191267d306184f7c3c857ad4e6b2c95d43c9996aa4adc656fd2c08033ca769c28
- SSDEEP
  
  768:2Y1fDD+IgMByk4Rdikux7MUFrkeQPn3XiPhR5gNOZYWqcx6:bfDD+rI4Rdwx5rP4nipRLT7
Score

9^/10

discovery
- Contacts a large (57443) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1