mirai | 0fa2991176c797ba081b23ad323b83c97302bbffef40d4fcf95f08bf313437b5 | Triage

Submit
Reports

Overview

overview

Static

static

1

Ares.sh

ubuntu-18.04-amd64

Ares.sh

debian-9-armhf

Ares.sh

debian-9-mips

Ares.sh

debian-9-mipsel

Sharing

Copy URL Twitter E-mail

General

Target

Ares.sh
Size

2KB
Sample

240725-vnp8watajk
MD5

984a5fb6a5ed826486c777dced1853a9
SHA1

3acb7663131c3e461a0de71e631e16262273edb5
SHA256

0fa2991176c797ba081b23ad323b83c97302bbffef40d4fcf95f08bf313437b5
SHA512

845f784e12a3ca304dc2e6eb34f8dbf818938eb37ca896be0653a3268bd28388de69bbfdb5100d24367ded086a68474551773485e9e1f3db60e00f94965d2b24

Score

10^/10

mirai antivm botnet discovery linux

Static task

static1

Behavioral task

behavioral1

Sample

Ares.sh

Resource

ubuntu1804-amd64-20240611-en

mirai botnet discovery

ubuntu-18.04-amd64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ares.sh

Resource

debian9-armhf-20240611-en

mirai antivm botnet discovery

debian-9-armhf

11 signatures

150 seconds

Behavioral task

behavioral3

Sample

Ares.sh

Resource

debian9-mipsbe-20240611-en

debian-9-mips

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

Ares.sh

Resource

debian9-mipsel-20240611-en

debian-9-mipsel

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  Ares.sh
- Size
  
  2KB
- MD5
  
  984a5fb6a5ed826486c777dced1853a9
- SHA1
  
  3acb7663131c3e461a0de71e631e16262273edb5
- SHA256
  
  0fa2991176c797ba081b23ad323b83c97302bbffef40d4fcf95f08bf313437b5
- SHA512
  
  845f784e12a3ca304dc2e6eb34f8dbf818938eb37ca896be0653a3268bd28388de69bbfdb5100d24367ded086a68474551773485e9e1f3db60e00f94965d2b24
Score

10^/10

mirai botnet discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (748814) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdiscovery

behavioral2

miraiantivmbotnetdiscovery

behavioral3

behavioral4

© 2018-2025

Terms | Privacy