mirai | 1f3805962bd74a0237031bea605b3f3f4ff803bef9e473c987eceae7df84f94e | Triage

Sharing

General

Target

x86_64
Size

68KB
Sample

240329-r1g69abc24
MD5

23c3095e70063839bbc99dd3c4504dc8
SHA1

39f04d9d6bf268c595a792d41e593c444201eba6
SHA256

1f3805962bd74a0237031bea605b3f3f4ff803bef9e473c987eceae7df84f94e
SHA512

482366eafcdff612245d2473835b684ea53cb32fd09b6ea34673843f9f4af0b42a85b6e035f38143f36ed4e6367e7d7d773b563daaffc19a33d30621b20f8387
SSDEEP

1536:fObKQx5mv6M//zwtDFfGibjahUlbeFr6aWTo6r:mO1vt8xzboOy0Toi

Score

10^/10

mirai linux persistence

Malware Config

Extracted

Family

mirai

C2

maintained.abadila.best

Targets

- Target
  
  x86_64
- Size
  
  68KB
- MD5
  
  23c3095e70063839bbc99dd3c4504dc8
- SHA1
  
  39f04d9d6bf268c595a792d41e593c444201eba6
- SHA256
  
  1f3805962bd74a0237031bea605b3f3f4ff803bef9e473c987eceae7df84f94e
- SHA512
  
  482366eafcdff612245d2473835b684ea53cb32fd09b6ea34673843f9f4af0b42a85b6e035f38143f36ed4e6367e7d7d773b563daaffc19a33d30621b20f8387
- SSDEEP
  
  1536:fObKQx5mv6M//zwtDFfGibjahUlbeFr6aWTo6r:mO1vt8xzboOy0Toi
Score

8^/10

persistence
- Modifies password files for system users/ groups
  Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
- Changes its process name
- Deletes itself
- Modifies sudoers policy
  Adds/ Modifies rule files for sudoers policy, likely to grant additional privileges.
- Adds a user to the system
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence
- Modifies Bash startup script
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1