mirai | 43765679bedbdb71d4e3fccf97f54289466a77c27de46fb4943a2bb5dda90ffd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ada91c51e8d2e63ec0956f3e13df2fe6_JaffaCakes118
Size

48KB
Sample

240820-dm4w7svbrl
MD5

ada91c51e8d2e63ec0956f3e13df2fe6
SHA1

2d354b517d0aaf25d9c3aedd36eb92b4fbb65407
SHA256

43765679bedbdb71d4e3fccf97f54289466a77c27de46fb4943a2bb5dda90ffd
SHA512

cd431848a50d77836ca786c7697f7d4f64718c30319a357e3d5f2e84968663a6c1a4b46509a145fcb9ba28adf2f513ab7cba5c45407ba279b3092f24d8312c83
SSDEEP

768:grVKBWE0u2E16cbBJBEbymYeAtFFagWurdqJCVqzGAcSy:gZVu2E16cbBjMymYBtFrWuxqJCVqSAc

Score

10^/10

mirai mirai linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

unicorn.d3dx9.ch

Targets

- Target
  
  ada91c51e8d2e63ec0956f3e13df2fe6_JaffaCakes118
- Size
  
  48KB
- MD5
  
  ada91c51e8d2e63ec0956f3e13df2fe6
- SHA1
  
  2d354b517d0aaf25d9c3aedd36eb92b4fbb65407
- SHA256
  
  43765679bedbdb71d4e3fccf97f54289466a77c27de46fb4943a2bb5dda90ffd
- SHA512
  
  cd431848a50d77836ca786c7697f7d4f64718c30319a357e3d5f2e84968663a6c1a4b46509a145fcb9ba28adf2f513ab7cba5c45407ba279b3092f24d8312c83
- SSDEEP
  
  768:grVKBWE0u2E16cbBJBEbymYeAtFFagWurdqJCVqzGAcSy:gZVu2E16cbBjMymYBtFrWuxqJCVqSAc
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1