mirai | 49ee7966b481548392c8e66f58b9792d09e78cff34b6a4867f522602dc4930b5 | Triage

Sharing

General

Target

f26fee0d2b7f88bd7d5aa0860756b6d5.bin
Size

66KB
Sample

240221-fjk12abg7v
MD5

f26fee0d2b7f88bd7d5aa0860756b6d5
SHA1

8e933506d7d8b9205573881947d9419ffd6e1aaa
SHA256

49ee7966b481548392c8e66f58b9792d09e78cff34b6a4867f522602dc4930b5
SHA512

e0241f0c052610c0adaa69e03ad3de967a03c9e732212fe2718e957af6e36dad3137c4d96e0a48d555aced4998a94f4538b24dc973af525a318ab650e7b54794
SSDEEP

1536:u8aCKglaDrIjtb3stmjpYpt13+c23mo1UQ+eX:9H+0Jb3vypt8c23mo1RHX

Score

10^/10

mirai

Malware Config

Targets

- Target
  
  f26fee0d2b7f88bd7d5aa0860756b6d5.bin
- Size
  
  66KB
- MD5
  
  f26fee0d2b7f88bd7d5aa0860756b6d5
- SHA1
  
  8e933506d7d8b9205573881947d9419ffd6e1aaa
- SHA256
  
  49ee7966b481548392c8e66f58b9792d09e78cff34b6a4867f522602dc4930b5
- SHA512
  
  e0241f0c052610c0adaa69e03ad3de967a03c9e732212fe2718e957af6e36dad3137c4d96e0a48d555aced4998a94f4538b24dc973af525a318ab650e7b54794
- SSDEEP
  
  1536:u8aCKglaDrIjtb3stmjpYpt13+c23mo1UQ+eX:9H+0Jb3vypt8c23mo1RHX
Score

7^/10
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1