mirai | 58fd767fd281ead35ef21dcbc831629fa4a9855dc70800cf94cb91cdd7503d7c | Triage

Submit
Reports

Overview

overview

Static

static

1559-1-0x0...ry.dmp

ubuntu-18.04-amd64

9

Sharing

General

Target

1559-1-0x0000000000400000-0x0000000000524748-memory.dmp
Size

69KB
Sample

240212-v9n8pscc77
MD5

f38ca08d687989196c02903db58eae03
SHA1

bdbcb153eaf1db45a179feb7cfe1fd37f93ef73c
SHA256

58fd767fd281ead35ef21dcbc831629fa4a9855dc70800cf94cb91cdd7503d7c
SHA512

92143248a9e2f68860e6111e0a45915f77d16493a95820865e71dd7896c4cc559f3067aa13633ca6203f2812559ec6987b7f816b3a083b1b9546d78566e9c96e
SSDEEP

1536:aocdNAcs299EkhjgvZyoiPPWA6pRs0afqcl2rjTaXHjPE5UZLGBgHxyQ:qdiX29/hgvZ2PWAAqfEnMHj9LGB+sQ

Score

10^/10

mirai mirai discovery evasion linux

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1559-1-0x0000000000400000-0x0000000000524748-memory.dmp

Resource

ubuntu1804-amd64-20231215-en

discovery evasion

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  1559-1-0x0000000000400000-0x0000000000524748-memory.dmp
- Size
  
  69KB
- MD5
  
  f38ca08d687989196c02903db58eae03
- SHA1
  
  bdbcb153eaf1db45a179feb7cfe1fd37f93ef73c
- SHA256
  
  58fd767fd281ead35ef21dcbc831629fa4a9855dc70800cf94cb91cdd7503d7c
- SHA512
  
  92143248a9e2f68860e6111e0a45915f77d16493a95820865e71dd7896c4cc559f3067aa13633ca6203f2812559ec6987b7f816b3a083b1b9546d78566e9c96e
- SSDEEP
  
  1536:aocdNAcs299EkhjgvZyoiPPWA6pRs0afqcl2rjTaXHjPE5UZLGBgHxyQ:qdiX29/hgvZ2PWAAqfEnMHj9LGB+sQ
Score

9^/10

discovery evasion
- Contacts a large (71644) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes itself
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Indicator Removal

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

© 2018-2024

Terms | Privacy