mirai | 98c896f0a1477f6d319041199d2e31efbe6aac41d075b9208819156e56348ba4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a53b20107f8cf96b08d3f8e774eb574_JaffaCakes118
Size

56KB
Sample

240610-cp3aqaaf3s
MD5

9a53b20107f8cf96b08d3f8e774eb574
SHA1

13256e113145ef6054bb89902f1f7e31706814b1
SHA256

98c896f0a1477f6d319041199d2e31efbe6aac41d075b9208819156e56348ba4
SHA512

c7a020b3f3a22e031673b71fb09659bf044cfa89d6395cca29c01586d1ccba243e9d3e6222b7a7f7632d1853c9249c579e42fd6834eb8c89468afc5c8759d3da
SSDEEP

1536:QBwJAdM0MdEREDb3PosTW3SCp1YINowRTPrWW2:9AOcR4LPciCp1YIewVCW

Score

10^/10

mirai orphic discovery linux

Malware Config

Extracted

Family

mirai

Botnet

ORPHIC

C2

cnc.nomalwareinvoled.xyz

scan.nomalwareinvoled.xyz

Targets

- Target
  
  9a53b20107f8cf96b08d3f8e774eb574_JaffaCakes118
- Size
  
  56KB
- MD5
  
  9a53b20107f8cf96b08d3f8e774eb574
- SHA1
  
  13256e113145ef6054bb89902f1f7e31706814b1
- SHA256
  
  98c896f0a1477f6d319041199d2e31efbe6aac41d075b9208819156e56348ba4
- SHA512
  
  c7a020b3f3a22e031673b71fb09659bf044cfa89d6395cca29c01586d1ccba243e9d3e6222b7a7f7632d1853c9249c579e42fd6834eb8c89468afc5c8759d3da
- SSDEEP
  
  1536:QBwJAdM0MdEREDb3PosTW3SCp1YINowRTPrWW2:9AOcR4LPciCp1YIewVCW
Score

9^/10

discovery
- Contacts a large (74959) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1