mirai | 51156a165eb1a53950c858c75dd17542873f665b833d0b2bf22f457d9ee50936 | Triage

Submit
Reports

Overview

overview

Static

static

5

cbcc8cc5bd...kes118

debian-9-armhf

Sharing

General

Target

cbcc8cc5bdae230630a80e207f0d12c3_JaffaCakes118
Size

57KB
Sample

241206-jfza2awraw
MD5

cbcc8cc5bdae230630a80e207f0d12c3
SHA1

14f286036b0d92a6e20f5a6afd7341dbd7a10b30
SHA256

51156a165eb1a53950c858c75dd17542873f665b833d0b2bf22f457d9ee50936
SHA512

d575081a515aec0f80cac9857923c52069eb08f4afc8daae807c19b8b5de87b8751684b1f22890083332bb09bd802fefcee3897b6b53c40b6d43840af641c533
SSDEEP

1536:EhfPxgLSJWPsVlNBdbEABsLpgJNxxHLesKHEixb:MfPiSJWkBByJLcNvHLeszSb

Score

10^/10

mirai unst botnet defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cbcc8cc5bdae230630a80e207f0d12c3_JaffaCakes118

Resource

debian9-armhf-20240611-en

mirai unst botnet defense_evasion discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

- Target
  
  cbcc8cc5bdae230630a80e207f0d12c3_JaffaCakes118
- Size
  
  57KB
- MD5
  
  cbcc8cc5bdae230630a80e207f0d12c3
- SHA1
  
  14f286036b0d92a6e20f5a6afd7341dbd7a10b30
- SHA256
  
  51156a165eb1a53950c858c75dd17542873f665b833d0b2bf22f457d9ee50936
- SHA512
  
  d575081a515aec0f80cac9857923c52069eb08f4afc8daae807c19b8b5de87b8751684b1f22890083332bb09bd802fefcee3897b6b53c40b6d43840af641c533
- SSDEEP
  
  1536:EhfPxgLSJWPsVlNBdbEABsLpgJNxxHLesKHEixb:MfPiSJWkBByJLcNvHLeszSb
Score

10^/10

mirai unst botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (278341) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiunstbotnetdefense_evasiondiscovery

© 2018-2025

Terms | Privacy