mirai | 848b24188bb64b490fd0ab150eed506f8cc54055ad8e84d9120927995ac5f282 | Triage

Resubmissions

06/09/2024, 16:39

240906-t6bb1awhpk 10

06/09/2024, 16:01

240906-tgps4avfmq 10

05/09/2024, 17:38

240905-v7qnrawdlj 10

05/09/2024, 17:34

240905-v5j37awhkd 10

05/09/2024, 17:29

240905-v2xj4swckr 10

Sharing

General

Target

e1e9e081c9e730efa06ba1ae1c93a8960f6f7730f902ac824c2835dec901964c.zip
Size

59KB
Sample

240906-tgps4avfmq
MD5

ea7680d1bc06127ebb0e7db0eabee069
SHA1

70c2c1c9016461ad212cc545d5c694c84ec176f4
SHA256

848b24188bb64b490fd0ab150eed506f8cc54055ad8e84d9120927995ac5f282
SHA512

a5462d44ad7f6cddc958e27fed2501f5db7134bec5b1556e232daf6f372ee59e31b4fad9f40efd03ac7479910b9bebc2ba116b7a5bf2108148f205eaa9e4b2b1
SSDEEP

1536:X7HsxyYXu57z99xEPNu128V5yt5GvN5d2ol7E763ca4pcc:b2Xu5759xwc5yOB2o1k9a46c

Score

10^/10

mirai botnet execution persistence privilege_escalatio

Malware Config

Extracted

Family

mirai

C2

www.india-scam-call-center.pw

Targets

- Target
  
  e1e9e081c9e730efa06ba1ae1c93a8960f6f7730f902ac824c2835dec901964c.elf
- Size
  
  117KB
- MD5
  
  4a562992cfe96cca14e9ae680caf1064
- SHA1
  
  8b50ff3f0f4f77431f083d1f527361ced31e228f
- SHA256
  
  e1e9e081c9e730efa06ba1ae1c93a8960f6f7730f902ac824c2835dec901964c
- SHA512
  
  1e606c5d99fa9958da72a80d2e182b596819a98d0a8852514a3fee01e907a526a7300c10837342535051e72082b029b3f33bd32b81bc45c805f8be3c9f83a6b3
- SSDEEP
  
  3072:AVDvu7a0GkH8XcaUJrfhZVNFNITaKW7lJwY7:Ac7axkHYcaUJrfhZLFNbKylOY7
Score

10^/10

mirai botnet execution persistence privilege_escalatio
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetexecutionpersistenceprivilege_escalatio