mirai | 0a297410ee9ed84def59b4b11bf869bc6231e6664829adbee456a76e2c2ffea7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e36c74e601bfcdf641342c4c8f8ea72
Size

59KB
Sample

231226-jxryaagah9
MD5

5e36c74e601bfcdf641342c4c8f8ea72
SHA1

6212162872af488517e5351220d14c42e10e7a36
SHA256

0a297410ee9ed84def59b4b11bf869bc6231e6664829adbee456a76e2c2ffea7
SHA512

61f9cbe7628ed6037f07587c0c6eee2d84155b9a89603d591c4097cc7cfeb52e4238278c791a89cac02e6f720658ff99ed2b9db27cac56b23a9033485979c0d9
SSDEEP

1536:BKTGN1kVzk0UOSCtWL6Ze0pHT8k8tHKQ8:BKQSZptW0f8tHZ8

Score

10^/10

mirai discovery

Malware Config

Targets

- Target
  
  5e36c74e601bfcdf641342c4c8f8ea72
- Size
  
  59KB
- MD5
  
  5e36c74e601bfcdf641342c4c8f8ea72
- SHA1
  
  6212162872af488517e5351220d14c42e10e7a36
- SHA256
  
  0a297410ee9ed84def59b4b11bf869bc6231e6664829adbee456a76e2c2ffea7
- SHA512
  
  61f9cbe7628ed6037f07587c0c6eee2d84155b9a89603d591c4097cc7cfeb52e4238278c791a89cac02e6f720658ff99ed2b9db27cac56b23a9033485979c0d9
- SSDEEP
  
  1536:BKTGN1kVzk0UOSCtWL6Ze0pHT8k8tHKQ8:BKQSZptW0f8tHZ8
Score

9^/10

discovery
- Contacts a large (47589) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1