mirai | 85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1 | Triage

Sharing

General

Target

85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
Size

8KB
Sample

240902-bjdvhaxcmn
MD5

86311599eaaff9e71ddc72ada1b21c2e
SHA1

572f97e41071d072dfc97127454d4978b50a81e2
SHA256

85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1
SHA512

74fccf9b268bdcf4220dcd8213a83213b7be545bfaf7cf406f32bf7e7c924ef53d66d04cb3aeb4c8024c60803ce806ddfb501ad0d59780780fc9dd19f40df317
SSDEEP

96:RE+blpgA856Hslefac5h5k9vH658TuF4dZAkk59yKXMJeDMhsm/vj+9RlYz218Lu:RE+P7

Score

10^/10

mirai antivm botnet discovery linux persistence

Malware Config

Extracted

Family

mirai

C2

www.ckea.ru

www.akck.ru

45.152.112.46

Extracted

Family

mirai

C2

www.akck.ru

Targets

- Target
  
  85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown
- Size
  
  8KB
- MD5
  
  86311599eaaff9e71ddc72ada1b21c2e
- SHA1
  
  572f97e41071d072dfc97127454d4978b50a81e2
- SHA256
  
  85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1
- SHA512
  
  74fccf9b268bdcf4220dcd8213a83213b7be545bfaf7cf406f32bf7e7c924ef53d66d04cb3aeb4c8024c60803ce806ddfb501ad0d59780780fc9dd19f40df317
- SSDEEP
  
  96:RE+blpgA856Hslefac5h5k9vH658TuF4dZAkk59yKXMJeDMhsm/vj+9RlYz218Lu:RE+P7
Score

10^/10

mirai botnet discovery persistence antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (42975) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Executes dropped EXE
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Hijack Execution Flow

Scheduled Task/Job

Privilege Escalation

Hijack Execution Flow

Scheduled Task/Job

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdiscoverypersistence

behavioral2

miraiantivmbotnetdiscoverypersistence

behavioral3

behavioral4

miraibotnetdiscoverypersistence