mirai | 01d1a362d0bfadc0c879e553d5b014aef27de86fc6b21c76d17780840a4c7967 | Triage

Submit
Reports

Overview

overview

Static

static

7

fb76979985...kes118

debian-12-mipsel

Sharing

General

Target

fb769799851c6c14cdc97e37a8f72e9a_JaffaCakes118
Size

45KB
Sample

240420-ab4waaah92
MD5

fb769799851c6c14cdc97e37a8f72e9a
SHA1

3b74551cfaf4dce5756a6f4d4d42fdb0199bcf9f
SHA256

01d1a362d0bfadc0c879e553d5b014aef27de86fc6b21c76d17780840a4c7967
SHA512

6752ba40d3a58c402d3479498951cd7fd5d8bebd50f9e4047388d6d065bb7c1ba3c862dd0cd55ad8cca900d82e1d4a8badc46c72e345497ff653a895bdb5c8dd
SSDEEP

768:5znqKaiUxf0myocB15HcUx6yaFFy5SG2AYZkt2+80up0HiMzDR7knT0eDviL3Whu:5bqDNcB15HX6/vGSxJZo80upgiMzD1kM

Score

10^/10

mirai kyton botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb769799851c6c14cdc97e37a8f72e9a_JaffaCakes118

Resource

debian12-mipsel-20240221-en

mirai kyton botnet discovery

debian-12-mipsel

10 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

- Target
  
  fb769799851c6c14cdc97e37a8f72e9a_JaffaCakes118
- Size
  
  45KB
- MD5
  
  fb769799851c6c14cdc97e37a8f72e9a
- SHA1
  
  3b74551cfaf4dce5756a6f4d4d42fdb0199bcf9f
- SHA256
  
  01d1a362d0bfadc0c879e553d5b014aef27de86fc6b21c76d17780840a4c7967
- SHA512
  
  6752ba40d3a58c402d3479498951cd7fd5d8bebd50f9e4047388d6d065bb7c1ba3c862dd0cd55ad8cca900d82e1d4a8badc46c72e345497ff653a895bdb5c8dd
- SSDEEP
  
  768:5znqKaiUxf0myocB15HcUx6yaFFy5SG2AYZkt2+80up0HiMzDR7knT0eDviL3Whu:5bqDNcB15HX6/vGSxJZo80upgiMzD1kM
Score

10^/10

mirai kyton botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (199029) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraikytonbotnetdiscovery

© 2018-2024

Terms | Privacy