mirai | ca80e259ea5070b2a5ca6ecd095cb7ef223c27ccd1534c46148f223691ee3ff6 | Triage

Sharing

General

Target

88660446811d50c52341472f9b03d870.bin
Size

34KB
Sample

241205-byg6gaxlcn
MD5

ce69500db95f642314a5142af3ff4cff
SHA1

bd4d83421f3b1f5245954a3ab78a5eb97dd92b93
SHA256

ca80e259ea5070b2a5ca6ecd095cb7ef223c27ccd1534c46148f223691ee3ff6
SHA512

e17ed73f1c9397ce23fd0ac2692c933ccd0a65718165d734c62bf82d025961d48409f0312ae02f2c50da3edb243baece826699956feaa13a886a6d192ab4160a
SSDEEP

768:LAZdl+N9XiSH/ViMKZbQLNqvPZgz4M/Nl8+cHebrCYaVgg0:k3lsbH/aZbQ5qez4M/H8+pb3ogg0

Score

10^/10

mirai unstable defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

scamanje.stresserit.pro

Targets

- Target
  
  011c4d82c6f391669c979bb51cabe5815e14f370e96e4492d298ad16f510b73d.elf
- Size
  
  66KB
- MD5
  
  88660446811d50c52341472f9b03d870
- SHA1
  
  bc8c0a5be47d1538a1504aded3f9fdffaabe3b6f
- SHA256
  
  011c4d82c6f391669c979bb51cabe5815e14f370e96e4492d298ad16f510b73d
- SHA512
  
  15a1bc29f9e2f6c97b498edc751d13720ea7b643f48e7745fa3b10194942294d04556e6a963b3075c6c402c11aead80bf564696f71180a69d10c629055da7cac
- SSDEEP
  
  1536:AQqMYLd31JuGGCao6GRnBkmnz8o16Qj7AT4vpN3:VqMYrJdvaopRnuE16QjI4v
Score

9^/10

defense_evasion discovery
- Contacts a large (148542) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery