mirai | 8c77a5d369d51f1e2a3ca2cf5e9696538c9f3b504a51ee582f2725dde4b233ce | Triage

Sharing

General

Target

5030a58c191b6881c4f1d0c40d6b5a0e_JaffaCakes118
Size

143KB
Sample

240517-stl3asdh51
MD5

5030a58c191b6881c4f1d0c40d6b5a0e
SHA1

3a2ca44090de32a93a37842661c1d4911e546f4b
SHA256

8c77a5d369d51f1e2a3ca2cf5e9696538c9f3b504a51ee582f2725dde4b233ce
SHA512

9f86d63bbe3c62a2be0ff73b249730fe31f26b3d2f6e2c467730d98c09ac7ab5c7a470f9a7bb067506c8d1249a5ca644f4a482a9b7046e4219344ccb9d596c92
SSDEEP

3072:jP1A/fZoFCwUJ+TAF0Z8gSn0dCfEh3ejLTEHFUItqXXewZmvkNyDgZkV2vIB64c9:jP1A/f6AlJ+TAF0Z8gs0dCfEh3ejLTqo

Score

10^/10

mirai mirai discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

darkdnsnet.duckdns.org

darkdnsscan.duckdns.org

Targets

- Target
  
  5030a58c191b6881c4f1d0c40d6b5a0e_JaffaCakes118
- Size
  
  143KB
- MD5
  
  5030a58c191b6881c4f1d0c40d6b5a0e
- SHA1
  
  3a2ca44090de32a93a37842661c1d4911e546f4b
- SHA256
  
  8c77a5d369d51f1e2a3ca2cf5e9696538c9f3b504a51ee582f2725dde4b233ce
- SHA512
  
  9f86d63bbe3c62a2be0ff73b249730fe31f26b3d2f6e2c467730d98c09ac7ab5c7a470f9a7bb067506c8d1249a5ca644f4a482a9b7046e4219344ccb9d596c92
- SSDEEP
  
  3072:jP1A/fZoFCwUJ+TAF0Z8gSn0dCfEh3ejLTEHFUItqXXewZmvkNyDgZkV2vIB64c9:jP1A/f6AlJ+TAF0Z8gs0dCfEh3ejLTqo
Score

9^/10

discovery
- Contacts a large (20548) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1