mirai | 452852ea21e0df0142de370d318158a5d0b3103ac80e7f98af7febf78371bbe4 | Triage

Sharing

General

Target

d570798ad9c6ff5d0c4d801ba9b86337_JaffaCakes118
Size

83KB
Sample

240909-bs5dtavenp
MD5

d570798ad9c6ff5d0c4d801ba9b86337
SHA1

724598681370eb8e61272dc0b33240b55daf5e21
SHA256

452852ea21e0df0142de370d318158a5d0b3103ac80e7f98af7febf78371bbe4
SHA512

9084c1470565595c92a57616330a6708fdac633443cc42f314525e42923ef2d5223a0d37cc44037e13d7977f40e95a414356e3e224fc4bf53cce56f9203fe61d
SSDEEP

1536:SBuBWBSIv8r37iW7tjmpv0oMr/aZFU/E8BoeMTBBB/lshuN:SsBWBSIkr3757lmqaz8+RBBBGwN

Score

10^/10

mirai mirai discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

cnc.tonguepunchfartbox.life

receive.tonguepunchfartbox.life

Targets

- Target
  
  d570798ad9c6ff5d0c4d801ba9b86337_JaffaCakes118
- Size
  
  83KB
- MD5
  
  d570798ad9c6ff5d0c4d801ba9b86337
- SHA1
  
  724598681370eb8e61272dc0b33240b55daf5e21
- SHA256
  
  452852ea21e0df0142de370d318158a5d0b3103ac80e7f98af7febf78371bbe4
- SHA512
  
  9084c1470565595c92a57616330a6708fdac633443cc42f314525e42923ef2d5223a0d37cc44037e13d7977f40e95a414356e3e224fc4bf53cce56f9203fe61d
- SSDEEP
  
  1536:SBuBWBSIv8r37iW7tjmpv0oMr/aZFU/E8BoeMTBBB/lshuN:SsBWBSIkr3757lmqaz8+RBBBGwN
Score

9^/10

discovery rootkit
- Contacts a large (23991) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit