mirai | 9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5 | Triage

Sharing

General

Target

9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
Size

61KB
Sample

241120-pcgvgawekg
MD5

84a335de90db4b64f9c844f8e8edf063
SHA1

223afeab3f986f7e315b9ace5cc6cea572bee6c4
SHA256

9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
SHA512

37b0066f20f8c3e07727bac115b8634b4a92f9318e3233485e918a0a1e538462ae496bc23c2ba90d5000d50e64622c5e97a5a5c1de59c1dea159ae1b493f51d1
SSDEEP

768:yrzc1ET3w+PSZtIPXxKhDN2XOZPlWXrn5uOeEeJmegepslLqAEnWXi+o2Snpp79:yv0ET4ZtIXxK1N2Znt9Mmbey8WSb

Score

10^/10

mirai credential_access defense_evasion

Malware Config

Targets

- Target
  
  9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
- Size
  
  61KB
- MD5
  
  84a335de90db4b64f9c844f8e8edf063
- SHA1
  
  223afeab3f986f7e315b9ace5cc6cea572bee6c4
- SHA256
  
  9ee9edb5ee1a034b769e3572db10da8d7bfa29a94e6fc806611319d716dd3de5
- SHA512
  
  37b0066f20f8c3e07727bac115b8634b4a92f9318e3233485e918a0a1e538462ae496bc23c2ba90d5000d50e64622c5e97a5a5c1de59c1dea159ae1b493f51d1
- SSDEEP
  
  768:yrzc1ET3w+PSZtIPXxKhDN2XOZPlWXrn5uOeEeJmegepslLqAEnWXi+o2Snpp79:yv0ET4ZtIXxK1N2Znt9Mmbey8WSb
Score

7^/10

credential_access defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasion