mirai | e4f564bfa67ec5c03a377d68059c384772583bb1b8ad9df985417c08dc74dfe1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

fa1e32cbe0...kes118

debian-9-armhf

9

Sharing

General

Target

fa1e32cbe0584607d7ea9ecbbba007f0_JaffaCakes118
Size

58KB
Sample

240927-k2zdlavdnn
MD5

fa1e32cbe0584607d7ea9ecbbba007f0
SHA1

2f293364fbac2e6bf9991405c731dc397fff3b72
SHA256

e4f564bfa67ec5c03a377d68059c384772583bb1b8ad9df985417c08dc74dfe1
SHA512

1e3d4e6737dc96f78b6885da4509b0267c6dc3fac6ef5771ed780312f09321e7fd81b784ad3587dbf5b19a960b44af43538a6bd8a0319664f30b513e43f8ebba
SSDEEP

1536:/pT+/t4SHZDS8Ln73MWX+3ZcWbZpl5t5W8xw1o:/pT+/HZDS8mSUZv5bW8xio

Score

10^/10

mirai mirai defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fa1e32cbe0584607d7ea9ecbbba007f0_JaffaCakes118

Resource

debian9-armhf-20240611-en

defense_evasion discovery

debian-9-armhf

6 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

r.nexusiotsolutions.net

Targets

- Target
  
  fa1e32cbe0584607d7ea9ecbbba007f0_JaffaCakes118
- Size
  
  58KB
- MD5
  
  fa1e32cbe0584607d7ea9ecbbba007f0
- SHA1
  
  2f293364fbac2e6bf9991405c731dc397fff3b72
- SHA256
  
  e4f564bfa67ec5c03a377d68059c384772583bb1b8ad9df985417c08dc74dfe1
- SHA512
  
  1e3d4e6737dc96f78b6885da4509b0267c6dc3fac6ef5771ed780312f09321e7fd81b784ad3587dbf5b19a960b44af43538a6bd8a0319664f30b513e43f8ebba
- SSDEEP
  
  1536:/pT+/t4SHZDS8Ln73MWX+3ZcWbZpl5t5W8xw1o:/pT+/HZDS8mSUZv5bW8xio
Score

9^/10

defense_evasion discovery
- Contacts a large (8155) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.