mirai | f07e7be800375fe1f6abf22a2d1fc52a3e26cb33cef6c81d48dcdf417a5c1f77 | Triage

Sharing

General

Target

9e8f8052fc344317dd33e0ac480d9aa5_JaffaCakes118
Size

60KB
Sample

240611-r6apcs1enm
MD5

9e8f8052fc344317dd33e0ac480d9aa5
SHA1

23e76a0d934710f438904f9a19ed42cff86a49df
SHA256

f07e7be800375fe1f6abf22a2d1fc52a3e26cb33cef6c81d48dcdf417a5c1f77
SHA512

0ff745cea223b68ed9b05e05ad4bab47d643602eb7fdc76e751d111d19b1bbed11f832e7dcd80d40158e1ea8aee26b030c1b16ab159e31710f9f8964e4ec41c7
SSDEEP

1536:rFey3dOtad1I4VM7wC52AlufCoW9sqgF2p8f8D:Jn3Qtad1x5c2UufHWOqgwi

Score

10^/10

mirai mirai discovery linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

cmd.spai3n.ru

rep.spai3n.ru

Targets

- Target
  
  9e8f8052fc344317dd33e0ac480d9aa5_JaffaCakes118
- Size
  
  60KB
- MD5
  
  9e8f8052fc344317dd33e0ac480d9aa5
- SHA1
  
  23e76a0d934710f438904f9a19ed42cff86a49df
- SHA256
  
  f07e7be800375fe1f6abf22a2d1fc52a3e26cb33cef6c81d48dcdf417a5c1f77
- SHA512
  
  0ff745cea223b68ed9b05e05ad4bab47d643602eb7fdc76e751d111d19b1bbed11f832e7dcd80d40158e1ea8aee26b030c1b16ab159e31710f9f8964e4ec41c7
- SSDEEP
  
  1536:rFey3dOtad1I4VM7wC52AlufCoW9sqgF2p8f8D:Jn3Qtad1x5c2UufHWOqgwi
Score

9^/10

discovery
- Contacts a large (2080) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1