mirai | 84f2803f2c737b26dc6ac1c9318aaa72f7c2143f180677be17604b07b0114276 | Triage

Submit
Reports

Overview

overview

Static

static

1605-1-0x0...ry.dmp

ubuntu-18.04-amd64

9

Sharing

Copy URL Twitter E-mail

General

Target

1605-1-0x0000000000400000-0x000000000051afe8-memory.dmp
Size

63KB
Sample

240106-gkx8eshghp
MD5

52a587a566bd52d9d86d30062922d641
SHA1

5da9515a159017ab19207add6969160456ab690b
SHA256

84f2803f2c737b26dc6ac1c9318aaa72f7c2143f180677be17604b07b0114276
SHA512

ca606cc329a5fc8579b40c9acd70028bc35db0870eaeb203f7f6cd71d38f0c4e4bdd7d61835e8ef19d8625f78bd10534f8f96ab17f3bed14a7e8e58bbb5eb587
SSDEEP

1536:Je8dtLpt6LHqLdJKseApgaBH1sdCd6/KH+UIw2wkDp6:sUt1ALHk4kpXBHFfH+y2wkF6

Score

10^/10

mirai mirai discovery evasion linux

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1605-1-0x0000000000400000-0x000000000051afe8-memory.dmp

Resource

ubuntu1804-amd64-20231215-en

discovery evasion

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  1605-1-0x0000000000400000-0x000000000051afe8-memory.dmp
- Size
  
  63KB
- MD5
  
  52a587a566bd52d9d86d30062922d641
- SHA1
  
  5da9515a159017ab19207add6969160456ab690b
- SHA256
  
  84f2803f2c737b26dc6ac1c9318aaa72f7c2143f180677be17604b07b0114276
- SHA512
  
  ca606cc329a5fc8579b40c9acd70028bc35db0870eaeb203f7f6cd71d38f0c4e4bdd7d61835e8ef19d8625f78bd10534f8f96ab17f3bed14a7e8e58bbb5eb587
- SSDEEP
  
  1536:Je8dtLpt6LHqLdJKseApgaBH1sdCd6/KH+UIw2wkDp6:sUt1ALHk4kpXBHFfH+y2wkF6
Score

9^/10

discovery evasion
- Contacts a large (37710) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2025

Terms | Privacy