mirai | 628accd0594f41e639d2dc6754df54dce1892ea79f74a60001bf6688b13f01bd | Triage

Sharing

General

Target

16ea0d9c671e0391043d58b512ed3b1e_JaffaCakes118
Size

144KB
Sample

240505-kt7d8sch6t
MD5

16ea0d9c671e0391043d58b512ed3b1e
SHA1

40728173a8129b026a8d0498b21f0a5428479c13
SHA256

628accd0594f41e639d2dc6754df54dce1892ea79f74a60001bf6688b13f01bd
SHA512

3e5d6a0262ff0ba98ba161310a7bce28c4d886c32a27da466a306fc5f9b40346de235319e22a55e1bd4ec1e718a152ef1813af233d10999e05848f72337b3a37
SSDEEP

3072:HKvvsSjh0lE+KHw/r9mrsplDKZUoQBKXAVaneX+F8JyvLlhLUgP5bfsjJNxe+SJN:HKvvsSjh0lE+KHyr9mrsplDKZUoQBKXz

Score

10^/10

mirai lzrd discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  16ea0d9c671e0391043d58b512ed3b1e_JaffaCakes118
- Size
  
  144KB
- MD5
  
  16ea0d9c671e0391043d58b512ed3b1e
- SHA1
  
  40728173a8129b026a8d0498b21f0a5428479c13
- SHA256
  
  628accd0594f41e639d2dc6754df54dce1892ea79f74a60001bf6688b13f01bd
- SHA512
  
  3e5d6a0262ff0ba98ba161310a7bce28c4d886c32a27da466a306fc5f9b40346de235319e22a55e1bd4ec1e718a152ef1813af233d10999e05848f72337b3a37
- SSDEEP
  
  3072:HKvvsSjh0lE+KHw/r9mrsplDKZUoQBKXAVaneX+F8JyvLlhLUgP5bfsjJNxe+SJN:HKvvsSjh0lE+KHyr9mrsplDKZUoQBKXz
Score

9^/10

discovery
- Contacts a large (20245) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1