mirai | ca57064d873efe0819caf6a2b16b0e57ffb7b97401929cdde83b62de9cf45e7b | Triage

Sharing

General

Target

ca57064d873efe0819caf6a2b16b0e57ffb7b97401929cdde83b62de9cf45e7b.sh
Size

2KB
Sample

241103-efdbcathpf
MD5

e4e77af4bac19bf01d29278bd0e9e586
SHA1

c196bf5f34ff7ea2153847184efb61e1660a156b
SHA256

ca57064d873efe0819caf6a2b16b0e57ffb7b97401929cdde83b62de9cf45e7b
SHA512

84b295fee8cd431551221eaf5bb3148d58c5e58fce7a824bd30b0f6debff6cb10443518167a61eb4e06ee3802b0c476a8c464c8481f38fa4cd1208566adbb10e

Score

10^/10

mirai unstable antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

server.myway-ing.win

Extracted

Family

mirai

Botnet

UNSTABLE

Extracted

Family

mirai

Botnet

UNSTABLE

C2

server.myway-ing.win

Targets

- Target
  
  ca57064d873efe0819caf6a2b16b0e57ffb7b97401929cdde83b62de9cf45e7b.sh
- Size
  
  2KB
- MD5
  
  e4e77af4bac19bf01d29278bd0e9e586
- SHA1
  
  c196bf5f34ff7ea2153847184efb61e1660a156b
- SHA256
  
  ca57064d873efe0819caf6a2b16b0e57ffb7b97401929cdde83b62de9cf45e7b
- SHA512
  
  84b295fee8cd431551221eaf5bb3148d58c5e58fce7a824bd30b0f6debff6cb10443518167a61eb4e06ee3802b0c476a8c464c8481f38fa4cd1208566adbb10e
Score

10^/10

mirai unstable botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Deletes itself
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstablebotnetdefense_evasiondiscovery

behavioral2

miraiunstableantivmbotnetdefense_evasiondiscovery

behavioral3

miraiunstablebotnetdefense_evasiondiscovery

behavioral4

miraiunstablebotnetdefense_evasiondiscovery