mirai | 779068ec37d66d58e03585227d10187c85c7020f13134931cf3732abfce11fc2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

dcc882bf07...kes118

ubuntu-24.04-amd64

Sharing

General

Target

dcc882bf07f5bb3ef989060011d89834_JaffaCakes118
Size

37KB
Sample

240912-wvamfaxbql
MD5

dcc882bf07f5bb3ef989060011d89834
SHA1

2d98a861b1582e1cb02d8eab97a3740356f87b4c
SHA256

779068ec37d66d58e03585227d10187c85c7020f13134931cf3732abfce11fc2
SHA512

5c9c04687b0f9724e9db3e77c2aa2d0fbc064dceab2cd715db9b66e330396fcd8b31ccbe65f2d2fdd533f2a895e4a6cb02b795e8e135c660778169dd13a8940e
SSDEEP

768:CCqN8yYtDoz51bw+xXcp4gNeDOZh/v5O2o7jM4:cYRoz5108MGDy/BO2oN

Score

10^/10

mirai botnet defense_evasion discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dcc882bf07f5bb3ef989060011d89834_JaffaCakes118

Resource

ubuntu2404-amd64-20240729-en

mirai botnet defense_evasion discovery

ubuntu-24.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  dcc882bf07f5bb3ef989060011d89834_JaffaCakes118
- Size
  
  37KB
- MD5
  
  dcc882bf07f5bb3ef989060011d89834
- SHA1
  
  2d98a861b1582e1cb02d8eab97a3740356f87b4c
- SHA256
  
  779068ec37d66d58e03585227d10187c85c7020f13134931cf3732abfce11fc2
- SHA512
  
  5c9c04687b0f9724e9db3e77c2aa2d0fbc064dceab2cd715db9b66e330396fcd8b31ccbe65f2d2fdd533f2a895e4a6cb02b795e8e135c660778169dd13a8940e
- SSDEEP
  
  768:CCqN8yYtDoz51bw+xXcp4gNeDOZh/v5O2o7jM4:cYRoz5108MGDy/BO2oN
Score

10^/10

mirai botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (106450) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdefense_evasiondiscovery

© 2018-2025

Terms | Privacy