mirai | 0cb315c9a85c07283b13ef08a691c2fa50f71b54856edfe0253635f3f17dcf92 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c134bd4ce1d67e4f47020fc8fc5861d3_JaffaCakes118
Size

78KB
Sample

240825-vs7zgsxann
MD5

c134bd4ce1d67e4f47020fc8fc5861d3
SHA1

63cedd6659b65f76d8ad2f1697bcc0888d62547a
SHA256

0cb315c9a85c07283b13ef08a691c2fa50f71b54856edfe0253635f3f17dcf92
SHA512

bd707b72e45bbda835739d58989a24f2d63e94995af0e4a15cc4d2a90136c205db5cf8d517b1b28fcdbf40c5cd4968631aa5b764479b62415d4dea06ec805b17
SSDEEP

1536:gGFfut163vDh5RZIghWVMQI8qUcj7vyKrWFKOh:vFfut16LhughWanBWY

Score

10^/10

mirai mirai

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

cnc.eatmydick.tk

report.eatmydick.tk

Targets

- Target
  
  c134bd4ce1d67e4f47020fc8fc5861d3_JaffaCakes118
- Size
  
  78KB
- MD5
  
  c134bd4ce1d67e4f47020fc8fc5861d3
- SHA1
  
  63cedd6659b65f76d8ad2f1697bcc0888d62547a
- SHA256
  
  0cb315c9a85c07283b13ef08a691c2fa50f71b54856edfe0253635f3f17dcf92
- SHA512
  
  bd707b72e45bbda835739d58989a24f2d63e94995af0e4a15cc4d2a90136c205db5cf8d517b1b28fcdbf40c5cd4968631aa5b764479b62415d4dea06ec805b17
- SSDEEP
  
  1536:gGFfut163vDh5RZIghWVMQI8qUcj7vyKrWFKOh:vFfut16LhughWanBWY
Score

7^/10
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1