mirai | 0574d9645ffc411482391a62e3ede2806c1224283f330fa2838dd3eb21551723 | Triage

Submit
Reports

Overview

overview

Static

static

7

f8fe1ee9e2...kes118

debian-9-mipsel

Sharing

General

Target

f8fe1ee9e272ea8cf03d9b8f2019ec54_JaffaCakes118
Size

28KB
Sample

240418-3h3wsabb7t
MD5

f8fe1ee9e272ea8cf03d9b8f2019ec54
SHA1

d3ec2c25bfe6bdd2186def73eed240270f7bb6d1
SHA256

0574d9645ffc411482391a62e3ede2806c1224283f330fa2838dd3eb21551723
SHA512

fa4f489dd07e0465ad71f84084540d57f7be0253f4253eac361a0f154939a6939c8e84babcc73ecc24f92a805a64c701785db6cfdd8907f6901f8bcdc7a12d90
SSDEEP

768:G9Jd9zCnnaNq4pgFw+0iOXITr6p0SAgGWS:G9JdmOqwgFJOXP4

Score

10^/10

mirai mirai botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f8fe1ee9e272ea8cf03d9b8f2019ec54_JaffaCakes118

Resource

debian9-mipsel-20240226-en

mirai mirai botnet discovery

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  f8fe1ee9e272ea8cf03d9b8f2019ec54_JaffaCakes118
- Size
  
  28KB
- MD5
  
  f8fe1ee9e272ea8cf03d9b8f2019ec54
- SHA1
  
  d3ec2c25bfe6bdd2186def73eed240270f7bb6d1
- SHA256
  
  0574d9645ffc411482391a62e3ede2806c1224283f330fa2838dd3eb21551723
- SHA512
  
  fa4f489dd07e0465ad71f84084540d57f7be0253f4253eac361a0f154939a6939c8e84babcc73ecc24f92a805a64c701785db6cfdd8907f6901f8bcdc7a12d90
- SSDEEP
  
  768:G9Jd9zCnnaNq4pgFw+0iOXITr6p0SAgGWS:G9JdmOqwgFJOXP4
Score

10^/10

mirai mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20433) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraimiraibotnetdiscovery

© 2018-2024

Terms | Privacy