mirai | 5806b2ef309f4a64e758be9aec585ab837ef10641451f18126f799722626bb06 | Triage

Sharing

General

Target

fdfdcab48454fe15fbb5d6f371efc14c
Size

75KB
Sample

231220-wg955segf4
MD5

fdfdcab48454fe15fbb5d6f371efc14c
SHA1

8e56739d8a9b146d4adef73eb4ff3084d8378a52
SHA256

5806b2ef309f4a64e758be9aec585ab837ef10641451f18126f799722626bb06
SHA512

1bfb905005738f0eb60bbf26e2483823c8b6a879247135f6c7de4db2146adca4742d50513d8398a570591cbf7d68c8d4e64315e30600ecf5113e1758fa49b3d0
SSDEEP

1536:tAL4lj6y0ZYft7ScEq7QhQNEBQ79gsS8e:tAij6yIFq7jBw

Score

10^/10

mirai larry discovery

Malware Config

Extracted

Family

mirai

Botnet

LARRY

C2

cnc.junoland.xyz

scan.junoland.xyz

Targets

- Target
  
  fdfdcab48454fe15fbb5d6f371efc14c
- Size
  
  75KB
- MD5
  
  fdfdcab48454fe15fbb5d6f371efc14c
- SHA1
  
  8e56739d8a9b146d4adef73eb4ff3084d8378a52
- SHA256
  
  5806b2ef309f4a64e758be9aec585ab837ef10641451f18126f799722626bb06
- SHA512
  
  1bfb905005738f0eb60bbf26e2483823c8b6a879247135f6c7de4db2146adca4742d50513d8398a570591cbf7d68c8d4e64315e30600ecf5113e1758fa49b3d0
- SSDEEP
  
  1536:tAL4lj6y0ZYft7ScEq7QhQNEBQ79gsS8e:tAij6yIFq7jBw
Score

9^/10

discovery
- Contacts a large (177897) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1