mirai | f436f47605d15c192119e9be1343bbdeef99a5c1595751832ffaa2501812e22c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87da63402883347bf7c4967935c7a22d_JaffaCakes118
Size

48KB
Sample

240810-1zhwtsvbpe
MD5

87da63402883347bf7c4967935c7a22d
SHA1

f292cb2546c91e5b73efa6297f31445cc515e355
SHA256

f436f47605d15c192119e9be1343bbdeef99a5c1595751832ffaa2501812e22c
SHA512

8a9e6722f8ff90aab35c770a951ddd232eaa072507b95396801db6228dec6d633fb2db1038bc6777479dace651bbd1906e6c3876026843f23b6aade6b573e562
SSDEEP

768:ZpkWWzNonwOTBgB6bP/r0gbFKrjSWOrdKJ0szGAcNK:ZkNonwOTBcWP/rHbFYSWOxKJ0sSAc

Score

10^/10

mirai mirai linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  87da63402883347bf7c4967935c7a22d_JaffaCakes118
- Size
  
  48KB
- MD5
  
  87da63402883347bf7c4967935c7a22d
- SHA1
  
  f292cb2546c91e5b73efa6297f31445cc515e355
- SHA256
  
  f436f47605d15c192119e9be1343bbdeef99a5c1595751832ffaa2501812e22c
- SHA512
  
  8a9e6722f8ff90aab35c770a951ddd232eaa072507b95396801db6228dec6d633fb2db1038bc6777479dace651bbd1906e6c3876026843f23b6aade6b573e562
- SSDEEP
  
  768:ZpkWWzNonwOTBgB6bP/r0gbFKrjSWOrdKJ0szGAcNK:ZkNonwOTBcWP/rHbFYSWOxKJ0sSAc
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1