mirai | 1a397580c1fd7effa067339a95834d70429089f6673144bfe8dff2706ccf29ec | Triage

Submit
Reports

Overview

overview

Static

static

7

00ce9c1932...kes118

ubuntu-18.04-amd64

Sharing

General

Target

00ce9c1932dcc6869fea7d6e5af8260a_JaffaCakes118
Size

49KB
Sample

240426-p2h4tsca72
MD5

00ce9c1932dcc6869fea7d6e5af8260a
SHA1

0c8f7ab52fd4eff36ca7aae8f1aa4ed660af73a4
SHA256

1a397580c1fd7effa067339a95834d70429089f6673144bfe8dff2706ccf29ec
SHA512

114aaa26860d9b11f5c11796f02029d7e48778a8d5130fe9118ed1555752631ef0d0efc7c9a6587406a3a99593ff9c37cedb4b237544047234bb86d7caa401c0
SSDEEP

768:eQ6JNUPjNNylsokrCFrl7y4Hq7FwgeHhRFHdPGhGF+Hy8E8nbcuyD7UkWykkAL:Z8KPnBIlZHq7qg2VLqy8xnouy8kzkk6

Score

10^/10

mirai tsunami antivm botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

00ce9c1932dcc6869fea7d6e5af8260a_JaffaCakes118

Resource

ubuntu1804-amd64-20240418-en

mirai tsunami antivm botnet discovery

ubuntu-18.04-amd64

12 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

TSUNAMI

Targets

- Target
  
  00ce9c1932dcc6869fea7d6e5af8260a_JaffaCakes118
- Size
  
  49KB
- MD5
  
  00ce9c1932dcc6869fea7d6e5af8260a
- SHA1
  
  0c8f7ab52fd4eff36ca7aae8f1aa4ed660af73a4
- SHA256
  
  1a397580c1fd7effa067339a95834d70429089f6673144bfe8dff2706ccf29ec
- SHA512
  
  114aaa26860d9b11f5c11796f02029d7e48778a8d5130fe9118ed1555752631ef0d0efc7c9a6587406a3a99593ff9c37cedb4b237544047234bb86d7caa401c0
- SSDEEP
  
  768:eQ6JNUPjNNylsokrCFrl7y4Hq7FwgeHhRFHdPGhGF+Hy8E8nbcuyD7UkWykkAL:Z8KPnBIlZHq7qg2VLqy8xnouy8kzkk6
Score

10^/10

mirai tsunami antivm botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (439396) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Legitimate hosting services abused for malware hosting/C2
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraitsunamiantivmbotnetdiscovery

© 2018-2024

Terms | Privacy