mirai | f31864614b06542c7128c1df20768c2f26464c32be9dd18b5e2c1252b3bb44f1 | Triage

Sharing

General

Target

8UsA.sh
Size

1KB
Sample

241120-aayb4swfmk
MD5

0b5a60057fc9d9ce95ba5cdaab501e68
SHA1

879040e7114865f81dbd3f2fb41409e0cb3b8966
SHA256

f31864614b06542c7128c1df20768c2f26464c32be9dd18b5e2c1252b3bb44f1
SHA512

d97b13f656458456b934ab1cdc205ec4efedebfa8ee98675ba38865e916563487d1fd5c649afad7376f469a60ecd16b7c502c549ac095d8be234f6d9e876f351

Score

10^/10

mirai antivm botnet defense_evasion discovery linux

Malware Config

Targets

- Target
  
  8UsA.sh
- Size
  
  1KB
- MD5
  
  0b5a60057fc9d9ce95ba5cdaab501e68
- SHA1
  
  879040e7114865f81dbd3f2fb41409e0cb3b8966
- SHA256
  
  f31864614b06542c7128c1df20768c2f26464c32be9dd18b5e2c1252b3bb44f1
- SHA512
  
  d97b13f656458456b934ab1cdc205ec4efedebfa8ee98675ba38865e916563487d1fd5c649afad7376f469a60ecd16b7c502c549ac095d8be234f6d9e876f351
Score

10^/10

mirai botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (1777608) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdefense_evasiondiscovery

behavioral2

miraiantivmbotnetdefense_evasiondiscovery

behavioral3

miraibotnetdefense_evasiondiscovery

behavioral4

miraibotnetdefense_evasiondiscovery