mirai | 257f3719ef283b9ad4e42511246fd0faf814c5bfdf18c50daadd66a163df56ae | Triage

Sharing

General

Target

SecuriteInfo.com.Linux.Siggen.9999.18087.21501.elf
Size

28KB
Sample

240220-ny1c9sff7s
MD5

0d42e9d595c03681a56ec13b23593aeb
SHA1

85b4598ac8c777f66a9db5a27198ac131d70f827
SHA256

257f3719ef283b9ad4e42511246fd0faf814c5bfdf18c50daadd66a163df56ae
SHA512

bc82bba43a652af91a3fac2c196f9e09e8cf4221c6519847e8b1284099a84ed91ff79c8e6b08baed65ee2526c48f7f5660cc65adb24b9fb3ff3f38a4eedf50db
SSDEEP

384:oVx1SjAUJUhes7xBmM4DqFpKGn1y5edztCyrhxbOjkfLFMddfFUaD9EYdRWGVCzZ:GxOFUhJxp4DY7dztCkhFOQf5MdUS91WB

Score

10^/10

mirai sora botnet discovery upx

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  SecuriteInfo.com.Linux.Siggen.9999.18087.21501.elf
- Size
  
  28KB
- MD5
  
  0d42e9d595c03681a56ec13b23593aeb
- SHA1
  
  85b4598ac8c777f66a9db5a27198ac131d70f827
- SHA256
  
  257f3719ef283b9ad4e42511246fd0faf814c5bfdf18c50daadd66a163df56ae
- SHA512
  
  bc82bba43a652af91a3fac2c196f9e09e8cf4221c6519847e8b1284099a84ed91ff79c8e6b08baed65ee2526c48f7f5660cc65adb24b9fb3ff3f38a4eedf50db
- SSDEEP
  
  384:oVx1SjAUJUhes7xBmM4DqFpKGn1y5edztCyrhxbOjkfLFMddfFUaD9EYdRWGVCzZ:GxOFUhJxp4DY7dztCkhFOQf5MdUS91WB
Score

10^/10

mirai sora botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (462334) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraisorabotnetdiscovery