mirai | 26a8a8a3c21c29cb4c0a29f58c57b3c9693229040eb465a86225179b2d6e6db7 | Triage

Sharing

General

Target

db60416a0b6019a6b17e818044b0a14e
Size

55KB
Sample

231220-s4t6naadbn
MD5

db60416a0b6019a6b17e818044b0a14e
SHA1

8402c2280c42ae0af7df3872e3f6981885336123
SHA256

26a8a8a3c21c29cb4c0a29f58c57b3c9693229040eb465a86225179b2d6e6db7
SHA512

0c00974a3e4ffcd648a0f95f2840beb36e8c124e60f4ac457aaee5a89bab5e8784252c2a80ae3bf9b1d820513c7d4dc7feff6f6cf9e902a8e2c9f757055994c0
SSDEEP

1536:m+qDy4kWyIwagMbBozqcF3p6Tb/SPLU6zkRAvOs8C:m+2bMD5p6TzSAknr

Score

10^/10

mirai larry discovery

Malware Config

Extracted

Family

mirai

Botnet

LARRY

C2

cnc.junoland.xyz

scan.junoland.xyz

Targets

- Target
  
  db60416a0b6019a6b17e818044b0a14e
- Size
  
  55KB
- MD5
  
  db60416a0b6019a6b17e818044b0a14e
- SHA1
  
  8402c2280c42ae0af7df3872e3f6981885336123
- SHA256
  
  26a8a8a3c21c29cb4c0a29f58c57b3c9693229040eb465a86225179b2d6e6db7
- SHA512
  
  0c00974a3e4ffcd648a0f95f2840beb36e8c124e60f4ac457aaee5a89bab5e8784252c2a80ae3bf9b1d820513c7d4dc7feff6f6cf9e902a8e2c9f757055994c0
- SSDEEP
  
  1536:m+qDy4kWyIwagMbBozqcF3p6Tb/SPLU6zkRAvOs8C:m+2bMD5p6TzSAknr
Score

9^/10

discovery
- Contacts a large (203193) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1