mirai | b7d263461e7ba2a2b32b4ae89e75f50e2522ad6713d6039afd3c0d3fafb4c782 | Triage

Sharing

General

Target

cf1a976e85e76f268e8b7c986cd687d0_JaffaCakes118
Size

68KB
Sample

241206-1am49aykes
MD5

cf1a976e85e76f268e8b7c986cd687d0
SHA1

ebf1f223eb9107afd8b9ea5d722fed43cf38fafc
SHA256

b7d263461e7ba2a2b32b4ae89e75f50e2522ad6713d6039afd3c0d3fafb4c782
SHA512

4b2788b6943396f2dac66d99c75731ae6506f5834dc91a8dfa8b4bf08526a8a52dfc00a0bcbc8d4bd5d69263cd702a3fbdf11d9f56dcb065ef9950f3d37934fb
SSDEEP

1536:ZXuL5MVqr3MOWaunK2ULfSyjiUe//zLQa2ehH0hQzg:ZeLqVqrdhun7ULfSyNe/VFpQQzg

Score

10^/10

mirai discovery linux rootkit

Malware Config

Targets

- Target
  
  cf1a976e85e76f268e8b7c986cd687d0_JaffaCakes118
- Size
  
  68KB
- MD5
  
  cf1a976e85e76f268e8b7c986cd687d0
- SHA1
  
  ebf1f223eb9107afd8b9ea5d722fed43cf38fafc
- SHA256
  
  b7d263461e7ba2a2b32b4ae89e75f50e2522ad6713d6039afd3c0d3fafb4c782
- SHA512
  
  4b2788b6943396f2dac66d99c75731ae6506f5834dc91a8dfa8b4bf08526a8a52dfc00a0bcbc8d4bd5d69263cd702a3fbdf11d9f56dcb065ef9950f3d37934fb
- SSDEEP
  
  1536:ZXuL5MVqr3MOWaunK2ULfSyjiUe//zLQa2ehH0hQzg:ZeLqVqrdhun7ULfSyNe/VFpQQzg
Score

8^/10

discovery rootkit
- Contacts a large (1121) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit