mirai | c7806e4a54922a1a1b9be0a251250fec5f125b8963af48034a72d64759c4cb0d | Triage

Sharing

General

Target

c7806e4a54922a1a1b9be0a251250fec5f125b8963af48034a72d64759c4cb0d.elf
Size

228KB
Sample

240803-cmv4mavang
MD5

95c005674f2e9269564a27b5fd515b4d
SHA1

189d4bc1fa4addc999e95443a9caca3b4740d7f1
SHA256

c7806e4a54922a1a1b9be0a251250fec5f125b8963af48034a72d64759c4cb0d
SHA512

2ddf42458f22f37afad5e8078e9144905a3664028fe8fef8ba04c0481d3ea4b86dba20d6f0219db8559113bf2d94a56dea17f938ecfe6a0f28b830ab21522a50
SSDEEP

6144:enehyEBVm2SmuqseqD5Ag50cjPtzoqnnNQ6BNhewRk:9BseqD5Ag51jlzoqnNr4

Score

10^/10

mirai mirai discovery linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

cnc.scriptkid.lol

Targets

- Target
  
  c7806e4a54922a1a1b9be0a251250fec5f125b8963af48034a72d64759c4cb0d.elf
- Size
  
  228KB
- MD5
  
  95c005674f2e9269564a27b5fd515b4d
- SHA1
  
  189d4bc1fa4addc999e95443a9caca3b4740d7f1
- SHA256
  
  c7806e4a54922a1a1b9be0a251250fec5f125b8963af48034a72d64759c4cb0d
- SHA512
  
  2ddf42458f22f37afad5e8078e9144905a3664028fe8fef8ba04c0481d3ea4b86dba20d6f0219db8559113bf2d94a56dea17f938ecfe6a0f28b830ab21522a50
- SSDEEP
  
  6144:enehyEBVm2SmuqseqD5Ag50cjPtzoqnnNQ6BNhewRk:9BseqD5Ag51jlzoqnNr4
Score

9^/10

discovery
- Contacts a large (497396) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1