General

  • Target

    1579-1-0x0000000008048000-0x0000000008060ba0-memory.dmp

  • Size

    84KB

  • Sample

    240422-2rkwwshd26

  • MD5

    d77d29663d73a1b61807e3240445ec3d

  • SHA1

    3f9e44389bd1674e7d568950ae91fff0436eba63

  • SHA256

    9ca8cd5a7d6c71d6e9d5bf1b1048446bd207e8682decf1ddcd13e0fc8ea40f6d

  • SHA512

    8ef8529b877236729742e3f5ba76203844454613ba8fa03046d1e9ed3004a8b6243ae9e41e526598a8f06f1ed8833411b65457b1da3413a275cd1848a31e4ec5

  • SSDEEP

    1536:e1Qa8/vgugH0lbDbPYQL2vc4iI+75K+t4EYndIKr/1q3bV:e1Qj/vguo0lrPYQLCc4BgMK4ddIcYV

Malware Config (Extracted)

  • Family

    mirai

  • Botnet

    UNSTABLE

  • C2

    jswl.bzwl888.sbs

Targets


    • Contacts a large number (220469) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Modifies systemd

      Adds or modifies systemd service files, likely to achieve persistence.

    • Writes a file to the system bin folder

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Hijack Execution Flow (T1574): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Hijack Execution Flow (T1574): 1

  • Defense Evasion

    Impair Defenses (T1562): 1
    Hijack Execution Flow (T1574): 1

  • Discovery

    Network Service Discovery (T1046): 2
    System Information Discovery (T1082): 1

Tasks