mirai | 12ed34665a00c1146af0946b4d5507b7be233f304c5f4c112ae0f25cf5bce4f0 | Triage

Resubmissions

22-05-2024 18:59

240522-xnd7qach31 10

22-05-2024 18:32

240522-w6z2gacb95 10

22-05-2024 14:30

240522-rt7hkaed46 10

Sharing

General

Target

12ed34665a00c1146af0946b4d5507b7be233f304c5f4c112ae0f25cf5bce4f0
Size

42KB
Sample

240522-xnd7qach31
MD5

92c82e2f0de3f209ead988349a9fe116
SHA1

6707a7a20f202575552292bf2d176ef6f82b4403
SHA256

12ed34665a00c1146af0946b4d5507b7be233f304c5f4c112ae0f25cf5bce4f0
SHA512

d05cf486b73e5e95ba403763b74ba497e788a36863d4cfdacf108b50211fb2840ff48011423a4af9b4f7e8e59adbc31bfed908a672279abd98f2171dc6501ad1
SSDEEP

768:D/tQ282Ouq7CUORXVWCF8BciZ2xV8z4nRN5b:ztQ282Ouq7CUOZMCuy1xez4RN5b

Score

10^/10

mirai botnet linux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  12ed34665a00c1146af0946b4d5507b7be233f304c5f4c112ae0f25cf5bce4f0
- Size
  
  42KB
- MD5
  
  92c82e2f0de3f209ead988349a9fe116
- SHA1
  
  6707a7a20f202575552292bf2d176ef6f82b4403
- SHA256
  
  12ed34665a00c1146af0946b4d5507b7be233f304c5f4c112ae0f25cf5bce4f0
- SHA512
  
  d05cf486b73e5e95ba403763b74ba497e788a36863d4cfdacf108b50211fb2840ff48011423a4af9b4f7e8e59adbc31bfed908a672279abd98f2171dc6501ad1
- SSDEEP
  
  768:D/tQ282Ouq7CUORXVWCF8BciZ2xV8z4nRN5b:ztQ282Ouq7CUOZMCuy1xez4RN5b
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1