mirai | 3f80e2b54e29e811e8bf96d44e7070cac503d86a723f42541eaad8ef7fa340d5 | Triage

Sharing

General

Target

365fb06c3ae675193d3f3007b64aa35d_JaffaCakes118
Size

137KB
Sample

240511-y4fadsac98
MD5

365fb06c3ae675193d3f3007b64aa35d
SHA1

35ac75343dbd2309c6c8d460b272de814e0a305e
SHA256

3f80e2b54e29e811e8bf96d44e7070cac503d86a723f42541eaad8ef7fa340d5
SHA512

b6f806ff84cc619ebc1326e91b8e8747184d2bd24df28e661ba466ca77bcd15f008c768af83a081e991e5dc1f9ad66a2830e13b780cfc589126f9c47a61855a6
SSDEEP

3072:amCWeXooLmpMguHcUuVUHalw7WjuH0XsfCUqwihLPRXgeTZevXs9SoD2Hrmz2M/G:amCWfoLmpMguHcUuVUHalw7WjuH0Xsft

Score

10^/10

mirai lzrd discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  365fb06c3ae675193d3f3007b64aa35d_JaffaCakes118
- Size
  
  137KB
- MD5
  
  365fb06c3ae675193d3f3007b64aa35d
- SHA1
  
  35ac75343dbd2309c6c8d460b272de814e0a305e
- SHA256
  
  3f80e2b54e29e811e8bf96d44e7070cac503d86a723f42541eaad8ef7fa340d5
- SHA512
  
  b6f806ff84cc619ebc1326e91b8e8747184d2bd24df28e661ba466ca77bcd15f008c768af83a081e991e5dc1f9ad66a2830e13b780cfc589126f9c47a61855a6
- SSDEEP
  
  3072:amCWeXooLmpMguHcUuVUHalw7WjuH0XsfCUqwihLPRXgeTZevXs9SoD2Hrmz2M/G:amCWfoLmpMguHcUuVUHalw7WjuH0Xsft
Score

9^/10

discovery
- Contacts a large (103320) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1