mirai | 66fdf050bd3f28a6f07cf2e8464ab5852c3420e16c0c42fbb333194fd2e0a640 | Triage

Sharing

General

Target

a504016b26988a54ab1664b6672990d2.bin
Size

39KB
Sample

240406-b4vczsgg31
MD5

f7627cfda8472bf2e868b58c4e8c1eae
SHA1

d1a217a379174f0a76d4a816c56ca88af62d45fb
SHA256

66fdf050bd3f28a6f07cf2e8464ab5852c3420e16c0c42fbb333194fd2e0a640
SHA512

21796c327e2d6fa4f8b6c4b00cf9e54c00ad549319fba3197f5124a5050ae5a57de718c5a4c26546743944dc46de8bc35895fe4defde1d7b000c8b7e02866117
SSDEEP

768:FrzpCzBVEZ6Kbe1gjuJxRb9WAO79K5t8UndnophzNyp9JlvWdJ/xnwI:rkBVEVbe1gj0vWetZnuJo9nS/xnwI

Score

10^/10

mirai mirai discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  b9f181190f3973141da5bab0d9e980dd5fe3783287a003c7b8ee5d1e26e65d4c.elf
- Size
  
  92KB
- MD5
  
  a504016b26988a54ab1664b6672990d2
- SHA1
  
  3b4dd6b30a835e1ca24f751123bd0be91cfa0662
- SHA256
  
  b9f181190f3973141da5bab0d9e980dd5fe3783287a003c7b8ee5d1e26e65d4c
- SHA512
  
  8d6eed3738049db7885af0919412e59772278a70f9fff313bdb7a2a9974f7d17e83a56fe46579b48b07e447c1a8a6d1a56b8193c7d8fa7455c1f1d4366c524a4
- SSDEEP
  
  1536:Rlhu6EQ54YzywrPbs4CcfdXtzTbg1Ar+cMXejJ0m7iiOQxaE:vw6D5JtT4ArnMOfiiOo7
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1