mirai | d847528278f5d850d9ff2049cfd57cecf7aef1bef3ae11e99f5150bbeb5451ef | Triage

Sharing

General

Target

6404dbe1336d2daf31bdfd033ded500c_JaffaCakes118
Size

46KB
Sample

240401-by5a1aac43
MD5

6404dbe1336d2daf31bdfd033ded500c
SHA1

128ff9d8791e97136af34d81735d0e1b5794426d
SHA256

d847528278f5d850d9ff2049cfd57cecf7aef1bef3ae11e99f5150bbeb5451ef
SHA512

d19339be50a129f03e404ae62e91d3535927556fcfa3892741176c1174b884f55371dd7b28406815b4c8362543690aca3ed234b3dc72a05e7f346db30a815be1
SSDEEP

768:ndG7anq6010ib43xQIDoVWQyTg6wtU3x9q3UELuF2cFfDr7JlulHAWYsGnLcvEFk:oh0i4xBc4kDtU3kLuHlDWYsGi

Score

10^/10

mirai sora botnet upx

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  6404dbe1336d2daf31bdfd033ded500c_JaffaCakes118
- Size
  
  46KB
- MD5
  
  6404dbe1336d2daf31bdfd033ded500c
- SHA1
  
  128ff9d8791e97136af34d81735d0e1b5794426d
- SHA256
  
  d847528278f5d850d9ff2049cfd57cecf7aef1bef3ae11e99f5150bbeb5451ef
- SHA512
  
  d19339be50a129f03e404ae62e91d3535927556fcfa3892741176c1174b884f55371dd7b28406815b4c8362543690aca3ed234b3dc72a05e7f346db30a815be1
- SSDEEP
  
  768:ndG7anq6010ib43xQIDoVWQyTg6wtU3x9q3UELuF2cFfDr7JlulHAWYsGnLcvEFk:oh0i4xBc4kDtU3kLuHlDWYsGi
Score

10^/10

mirai sora botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnet