mirai | 013b159ead346b5e5cce18fe84bf9609a59d906aa27fc650768a561993a4fb35 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

005c22845f8b7d92702ee3a5c37489cf_JaffaCakes118
Size

54KB
Sample

240727-y8hlbazclg
MD5

005c22845f8b7d92702ee3a5c37489cf
SHA1

202c937af16d9fca2a5b8e5b4ea90a74750f1e3a
SHA256

013b159ead346b5e5cce18fe84bf9609a59d906aa27fc650768a561993a4fb35
SHA512

e8ac5683dbfdccde0e235de2b280dfddf4c62b69410c8dbc2b5b83f65dcb70e4c1670b407dee30cc8d14aad0e09ab34d15ab00a866a38c5012a234eb5e525ded
SSDEEP

1536:36Ew7hWCbZ6OzptrGP85wXyQGWTF+bt+Rc:C1W4Z6OzP4NXyQGWp+bQK

Score

10^/10

mirai mirai linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

horsecocked.4horsemen.pw

Targets

- Target
  
  005c22845f8b7d92702ee3a5c37489cf_JaffaCakes118
- Size
  
  54KB
- MD5
  
  005c22845f8b7d92702ee3a5c37489cf
- SHA1
  
  202c937af16d9fca2a5b8e5b4ea90a74750f1e3a
- SHA256
  
  013b159ead346b5e5cce18fe84bf9609a59d906aa27fc650768a561993a4fb35
- SHA512
  
  e8ac5683dbfdccde0e235de2b280dfddf4c62b69410c8dbc2b5b83f65dcb70e4c1670b407dee30cc8d14aad0e09ab34d15ab00a866a38c5012a234eb5e525ded
- SSDEEP
  
  1536:36Ew7hWCbZ6OzptrGP85wXyQGWTF+bt+Rc:C1W4Z6OzP4NXyQGWp+bQK
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1