mirai | 3a240c59d200ab84148aea9e5461d3881f03c54c7fb297e2dc9d0cbe40246f71 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c62947c17462ca4aabde6ac69b29bb50.bin
Size

57KB
Sample

240903-b4jlgstcpp
MD5

c8a97c7677bb73da33d530bd05e1bb39
SHA1

a0161a43829c091bfdee18f65db77e13d152fd56
SHA256

3a240c59d200ab84148aea9e5461d3881f03c54c7fb297e2dc9d0cbe40246f71
SHA512

5ea0f30fb0686be7b1094c56cfcaea603b0c760fdb466a3f378ab4e9d100dea49a59ff3499a70ecfdad56a34e88f74967974264d4dd8e1e6e6c778c4c52d3393
SSDEEP

1536:yTZ9DJvYr3eB1RDmM899Oo1gkVeGO10bDxYtUCcjvOl8Cr9R:y1kOB1opbz/VpKt0jWl3

Score

10^/10

mirai botnet discovery linux persistence

Malware Config

Extracted

Family

mirai

C2

www.ckea.ru

www.akck.ru

45.152.112.46

Targets

- Target
  
  bf5af10c4ceba35363d91795b7231b92339224510923a0e01aa76b6649dfff04.elf
- Size
  
  113KB
- MD5
  
  c62947c17462ca4aabde6ac69b29bb50
- SHA1
  
  638f71c65bc039f53918bcec37506ec3cfcc6461
- SHA256
  
  bf5af10c4ceba35363d91795b7231b92339224510923a0e01aa76b6649dfff04
- SHA512
  
  209b802cab1f3669e1c17b7e2aed4c332f79ada57352e9ba6504dfe5ff835ed40dd8fd4f27922eec6d1428b0e0eea2d459012593984b9973ed95034b9eab27a4
- SSDEEP
  
  3072:6GAb5JluZ36bN4uNY+hsf18v1gXvY/tmxn1J1NQPSTPjU6Fzqo:xQJluZ36J4WY+hsf1ggfaW1LQYLtv
Score

10^/10

mirai botnet discovery persistence
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (46403) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Hijack Execution Flow

Scheduled Task/Job

Privilege Escalation

Hijack Execution Flow

Scheduled Task/Job

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdiscoverypersistence