mirai | 3288991971bf3b274a0b17c0c9ca0dcd349394ae50ff4c8a1e507592da6c102d | Triage

Submit
Reports

Overview

overview

Static

static

7

223b484308...kes118

ubuntu-18.04-amd64

Sharing

General

Target

223b48430897e5c90b36ba13575dc426_JaffaCakes118
Size

29KB
Sample

240507-3m7ershc68
MD5

223b48430897e5c90b36ba13575dc426
SHA1

1430db45154e9a0be4f0e65da41662ac06e60134
SHA256

3288991971bf3b274a0b17c0c9ca0dcd349394ae50ff4c8a1e507592da6c102d
SHA512

d083ef881e3384797ccf59493e3837a5f3f1c8fd8b4c8a667a3e580a2e9eaf887d477bf187cd44e601e59467bc1c859246e4a0a5c5d80cb48e2ab2b11c5fe0cd
SSDEEP

768:XHL0Vqv5jkdOGvxxaSI6tTmSZuQBi6EJ7b8:XoVqRwdjzaQYmL

Score

10^/10

mirai mirai botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

223b48430897e5c90b36ba13575dc426_JaffaCakes118

Resource

ubuntu1804-amd64-20240418-en

mirai mirai botnet discovery

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  223b48430897e5c90b36ba13575dc426_JaffaCakes118
- Size
  
  29KB
- MD5
  
  223b48430897e5c90b36ba13575dc426
- SHA1
  
  1430db45154e9a0be4f0e65da41662ac06e60134
- SHA256
  
  3288991971bf3b274a0b17c0c9ca0dcd349394ae50ff4c8a1e507592da6c102d
- SHA512
  
  d083ef881e3384797ccf59493e3837a5f3f1c8fd8b4c8a667a3e580a2e9eaf887d477bf187cd44e601e59467bc1c859246e4a0a5c5d80cb48e2ab2b11c5fe0cd
- SSDEEP
  
  768:XHL0Vqv5jkdOGvxxaSI6tTmSZuQBi6EJ7b8:XoVqRwdjzaQYmL
Score

10^/10

mirai mirai botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20237) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

miraimiraibotnetdiscovery

© 2018-2024

Terms | Privacy