mirai | 027d638335e1a5df07ba064c74d5331acbabbe513ce71c5a09e35ad67be77d84 | Triage

Sharing

General

Target

ff1de24ca3b9518e6971a9bf80f59396_JaffaCakes118
Size

140KB
Sample

240421-myx3gahb68
MD5

ff1de24ca3b9518e6971a9bf80f59396
SHA1

d73abc6947d0e5b241aa664b008c2ae567bf8307
SHA256

027d638335e1a5df07ba064c74d5331acbabbe513ce71c5a09e35ad67be77d84
SHA512

c20a1e87b70aba22446466fa44b498df97df318ff31ec4ef51e45c86c5795b20d2ac8c5ef5121127486dc3543563c1fabfbde804daf6ad76f8bfd75acddd3e7a
SSDEEP

1536:7dUv7FP1WEmove9h7nEqJ4xPHbgM+XC7tY2Xk4xppppppppvpsTH/KzwyM:7mv7FhveLjNM2C7clfKrM

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

cnc.ecstasycode.de

report.ecstasycode.xyz

Targets

- Target
  
  ff1de24ca3b9518e6971a9bf80f59396_JaffaCakes118
- Size
  
  140KB
- MD5
  
  ff1de24ca3b9518e6971a9bf80f59396
- SHA1
  
  d73abc6947d0e5b241aa664b008c2ae567bf8307
- SHA256
  
  027d638335e1a5df07ba064c74d5331acbabbe513ce71c5a09e35ad67be77d84
- SHA512
  
  c20a1e87b70aba22446466fa44b498df97df318ff31ec4ef51e45c86c5795b20d2ac8c5ef5121127486dc3543563c1fabfbde804daf6ad76f8bfd75acddd3e7a
- SSDEEP
  
  1536:7dUv7FP1WEmove9h7nEqJ4xPHbgM+XC7tY2Xk4xppppppppvpsTH/KzwyM:7mv7FhveLjNM2C7clfKrM
Score

6^/10
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1