mirai | 869e49b88bdbf5e4799869672ed02961af3e6689a1679d3bf18fe7036cd9b1b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

869e49b88bdbf5e4799869672ed02961af3e6689a1679d3bf18fe7036cd9b1b7
Size

101KB
Sample

240818-xh2e3aycnd
MD5

0a56e162bc0fc77233ab8e86bd5d87a3
SHA1

8184ece803fea5d7e3fd8d68affbdb0853362409
SHA256

869e49b88bdbf5e4799869672ed02961af3e6689a1679d3bf18fe7036cd9b1b7
SHA512

a7a0e793a5bd1c48144fd64eb0f16a16090484bfaed92c8cd0d963b528af720d72c01742eccb4b251a94da6aa8374d1e25d3373db7af9f673c16e8ef885817b0
SSDEEP

3072:5MHPp2Y44jMF2uSHfFBIFKFbwexZSNgyJxVt:5MHPp2YjRuSHfFBMKOeSNgsxVt

Score

10^/10

mirai discovery

Malware Config

Targets

- Target
  
  869e49b88bdbf5e4799869672ed02961af3e6689a1679d3bf18fe7036cd9b1b7
- Size
  
  101KB
- MD5
  
  0a56e162bc0fc77233ab8e86bd5d87a3
- SHA1
  
  8184ece803fea5d7e3fd8d68affbdb0853362409
- SHA256
  
  869e49b88bdbf5e4799869672ed02961af3e6689a1679d3bf18fe7036cd9b1b7
- SHA512
  
  a7a0e793a5bd1c48144fd64eb0f16a16090484bfaed92c8cd0d963b528af720d72c01742eccb4b251a94da6aa8374d1e25d3373db7af9f673c16e8ef885817b0
- SSDEEP
  
  3072:5MHPp2Y44jMF2uSHfFBIFKFbwexZSNgyJxVt:5MHPp2YjRuSHfFBMKOeSNgsxVt
Score

9^/10

discovery
- Contacts a large (54909) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1