mirai | 99913604b40684bbba60bcc4dc3291812ba754db2925391da1943e36f46f35ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sky.sh
Size

661B
Sample

240119-tyx6ssacf4
MD5

f58db72fda1726bafd976887f1bcbb89
SHA1

8af992f7b66125a41a6b6be6a43660b0ecc05141
SHA256

99913604b40684bbba60bcc4dc3291812ba754db2925391da1943e36f46f35ed
SHA512

d7a1558f105649fb0302a2b4eabb7bc5cf0d70ab035a65d581a3252953261873ba2e9ac5c28ab486a0c9da4f50f4ffb4b01602328490c03f08f7c4c393338d40

Score

10^/10

mirai botnet discovery linux

Malware Config

Extracted

Family

mirai

C2

haha.skyljne.click

Targets

- Target
  
  sky.sh
- Size
  
  661B
- MD5
  
  f58db72fda1726bafd976887f1bcbb89
- SHA1
  
  8af992f7b66125a41a6b6be6a43660b0ecc05141
- SHA256
  
  99913604b40684bbba60bcc4dc3291812ba754db2925391da1943e36f46f35ed
- SHA512
  
  d7a1558f105649fb0302a2b4eabb7bc5cf0d70ab035a65d581a3252953261873ba2e9ac5c28ab486a0c9da4f50f4ffb4b01602328490c03f08f7c4c393338d40
Score

10^/10

mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (111059) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Executes dropped EXE
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

miraibotnetdiscovery

behavioral3

behavioral4