mirai | 7544851e78f2a17c411b6c8253c1d98b0c3d476911ef8aa15ebf6c2fc6c18a70 | Triage

Sharing

General

Target

093dcac9d14a2fd3429a5d9faa8e0d6c_JaffaCakes118
Size

80KB
Sample

240430-g9e35sfa2s
MD5

093dcac9d14a2fd3429a5d9faa8e0d6c
SHA1

ffe1a5b5fe019d8f595a6db15bcce3353fcacca2
SHA256

7544851e78f2a17c411b6c8253c1d98b0c3d476911ef8aa15ebf6c2fc6c18a70
SHA512

3f08dde8f9c3485c8df560a990f5b497949dc690dc1f6b19a665fb6e5310b3b78bb04147e691acc9736058205e324be3ccf8838f41513ec242592386deb3b8be
SSDEEP

1536:1zOGINSnchgqR9i1uwJOjb+2h+01B9mARIuoRviW466+0OoNygbk+NUsH:1zO/NNgM92uwJO3Nh+mB9HRCJT6+0Oon

Score

10^/10

mirai sora discovery linux

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  093dcac9d14a2fd3429a5d9faa8e0d6c_JaffaCakes118
- Size
  
  80KB
- MD5
  
  093dcac9d14a2fd3429a5d9faa8e0d6c
- SHA1
  
  ffe1a5b5fe019d8f595a6db15bcce3353fcacca2
- SHA256
  
  7544851e78f2a17c411b6c8253c1d98b0c3d476911ef8aa15ebf6c2fc6c18a70
- SHA512
  
  3f08dde8f9c3485c8df560a990f5b497949dc690dc1f6b19a665fb6e5310b3b78bb04147e691acc9736058205e324be3ccf8838f41513ec242592386deb3b8be
- SSDEEP
  
  1536:1zOGINSnchgqR9i1uwJOjb+2h+01B9mARIuoRviW466+0OoNygbk+NUsH:1zO/NNgM92uwJO3Nh+mB9HRCJT6+0Oon
Score

9^/10

discovery
- Contacts a large (26635) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1