mirai | 35aced3ec7331040d8bda1c7833ddc3f3f233f56fa9950179a6382485601d158 | Triage

Sharing

General

Target

1ec06055089732fea67930af74be2c95_JaffaCakes118
Size

23KB
Sample

240329-lrcyaafa45
MD5

1ec06055089732fea67930af74be2c95
SHA1

367da13e501e81fd72fe4718201f39f66944f9d5
SHA256

35aced3ec7331040d8bda1c7833ddc3f3f233f56fa9950179a6382485601d158
SHA512

519ba6f84326eb14947122b431bf29f1651ec19a57c0c782696a80b3e331da4ba469082c40e1b41e4808d3edc8556afdf65e2ecb8153b8850e6420e9a7f074ed
SSDEEP

384:MB5xGQrRp43lWzaxIemvHsbjvEaJ61IlyMUq6AHz0j+kQy+hqUKK6ZA3d6nmf1TG:a5xnC4axIDGb5AIlJrOj+kgIA3d6nDv

Score

10^/10

mirai sora botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  1ec06055089732fea67930af74be2c95_JaffaCakes118
- Size
  
  23KB
- MD5
  
  1ec06055089732fea67930af74be2c95
- SHA1
  
  367da13e501e81fd72fe4718201f39f66944f9d5
- SHA256
  
  35aced3ec7331040d8bda1c7833ddc3f3f233f56fa9950179a6382485601d158
- SHA512
  
  519ba6f84326eb14947122b431bf29f1651ec19a57c0c782696a80b3e331da4ba469082c40e1b41e4808d3edc8556afdf65e2ecb8153b8850e6420e9a7f074ed
- SSDEEP
  
  384:MB5xGQrRp43lWzaxIemvHsbjvEaJ61IlyMUq6AHz0j+kQy+hqUKK6ZA3d6nmf1TG:a5xnC4axIDGb5AIlJrOj+kgIA3d6nDv
Score

10^/10

mirai sora botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnet