mirai

General

Target

jaws
Size

4KB
Sample

240522-yqwp8aed6x
MD5

5adf41e80215cac4dc1538446487d001
SHA1

5f9e0bbe5a6dec3b9bb42a9fbeac4e024c00eb54
SHA256

2867b3fd3c840aa9c868a88a5f6d417a09e4158f8209f0450a07eeb7e99ba4c8
SHA512

de77b41426bc6c0a981a9317b24efedfe7aa15108ad73af8f3d46c8476e00b7fd29f6d70ffdb633a89394d55f4cbf27ff73b089b8fdab0c83ffdc40b1d241e9e
SSDEEP

48:vZ0MV4k0ZT1V4QZrOrWV4hZooV4bZEMEEV4EfZskV4/ZT1V4QZPZV48ZiSV4xZyH:v7e7nVi32+bEpftMzbLZlyL0vJj1Xf

Score

10^/10

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

jswl.lbz8.top

Targets

- Target
  
  jaws
- Size
  
  4KB
- MD5
  
  5adf41e80215cac4dc1538446487d001
- SHA1
  
  5f9e0bbe5a6dec3b9bb42a9fbeac4e024c00eb54
- SHA256
  
  2867b3fd3c840aa9c868a88a5f6d417a09e4158f8209f0450a07eeb7e99ba4c8
- SHA512
  
  de77b41426bc6c0a981a9317b24efedfe7aa15108ad73af8f3d46c8476e00b7fd29f6d70ffdb633a89394d55f4cbf27ff73b089b8fdab0c83ffdc40b1d241e9e
- SSDEEP
  
  48:vZ0MV4k0ZT1V4QZrOrWV4hZooV4bZEMEEV4EfZskV4/ZT1V4QZPZV48ZiSV4xZyH:v7e7nVi32+bEpftMzbLZlyL0vJj1Xf
Score

10^/10

discovery motw phishing mirai unstable botnet upx
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (3263782) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates running processes
  Discovers information about currently running processes on the system
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

1

T1574

Privilege Escalation

Hijack Execution Flow

1

T1574

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

2

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Contacts a large (3263782) amount of remote hosts

Creates a large amount of network flows

Executes dropped EXE

Modifies Watchdog functionality

UPX packed file

Enumerates running processes

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8