mirai | 93ccc8470dcb68e947dc9450edcc1af7a4ec119a43f8bfb0161c92c9cf7b72fe

General

Target

d415cbae8e6ba03fd6ab3a91647f2df06123f5568429a936f4bd36f9a837e8ed.zip
Size

35KB
Sample

241129-ptr2rszqer
MD5

a1e9485d17e60afda394fdcfe206b331
SHA1

2835c0845d055546536449ba452e7f6f7e2d1264
SHA256

93ccc8470dcb68e947dc9450edcc1af7a4ec119a43f8bfb0161c92c9cf7b72fe
SHA512

e5d66d82b09d7a4600de82470d724b400bb630243bf5ce0f3af72c32294cafd6b70517408b10257ebf9caf2125e8ebf934f14a2d7948e3d1649096d311cc1027
SSDEEP

768:Gl0JTeJBBBSq9xFy0i9K+OBbReuN7QeT9UVWRiHiulbc1a:G+YBBEixFyh8BdzNUm9UVpCulbh

Score

10^/10

Malware Config

Extracted

Family

mirai

Botnet

ECCHI

C2

root.pizda.site

Targets

- Target
  
  d415cbae8e6ba03fd6ab3a91647f2df06123f5568429a936f4bd36f9a837e8ed.elf
- Size
  
  68KB
- MD5
  
  1d9768de015834a78ba323e0e6c3ded1
- SHA1
  
  6fd29166bfb61609f3a91fe7694516f38410f39e
- SHA256
  
  d415cbae8e6ba03fd6ab3a91647f2df06123f5568429a936f4bd36f9a837e8ed
- SHA512
  
  919fb333666c39a6820583d410f7f1dc8d4ab25586f1a17304b807d7b4931bf9fd46fdb07c19c4eacae258bc2625d454eb42e202ffa966f8237db2fa7f200dcd
- SSDEEP
  
  1536:dt/lTQT7GPYmueXqVXJmB72MFnKiaILO2418HR0jWzvOijgVzOun/a0t:n/lkT7W+6wXJmt2MFnKWL/4CHRjQv/
Score

9^/10

credential_access defense_evasion discovery
- Contacts a large (43505) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1

T1562

Credential Access

OS Credential Dumping

1

T1003

Proc Filesystem

1

T1003.007

Discovery

Network Service Discovery

2

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Contacts a large (43505) amount of remote hosts

Creates a large amount of network flows

Modifies Watchdog functionality

Enumerates running processes

Reads process memory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2