mirai | 838128b004b0a6fb943655bae105acc61b2d9370b705e2bdbec330bc514ed442 | Triage

Resubmissions

06/12/2024, 09:15

241206-k75gsswman 10

05/12/2024, 10:40

241205-mqteba1jfy 10

Sharing

General

Target

c74dc42bbe440932db0f1d72a2353a02_JaffaCakes118
Size

61KB
Sample

241206-k75gsswman
MD5

c74dc42bbe440932db0f1d72a2353a02
SHA1

9224e2a0b5e860d6ee3bf3c0658060308f7c2cee
SHA256

838128b004b0a6fb943655bae105acc61b2d9370b705e2bdbec330bc514ed442
SHA512

e4e20405439b592680ebc3f32489bb827f028f8e41c8d4ef40a616a5b452b20414cf94a48762b72a2978c3f224b41909f12241351639a86a3f1e15dc86557f70
SSDEEP

1536:rdZ2PuURL7ORsW38Iva/6pYPqexmtUffQfmX5hT:rdYuU0RD38ipnexl15h

Score

10^/10

mirai kyton discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

- Target
  
  c74dc42bbe440932db0f1d72a2353a02_JaffaCakes118
- Size
  
  61KB
- MD5
  
  c74dc42bbe440932db0f1d72a2353a02
- SHA1
  
  9224e2a0b5e860d6ee3bf3c0658060308f7c2cee
- SHA256
  
  838128b004b0a6fb943655bae105acc61b2d9370b705e2bdbec330bc514ed442
- SHA512
  
  e4e20405439b592680ebc3f32489bb827f028f8e41c8d4ef40a616a5b452b20414cf94a48762b72a2978c3f224b41909f12241351639a86a3f1e15dc86557f70
- SSDEEP
  
  1536:rdZ2PuURL7ORsW38Iva/6pYPqexmtUffQfmX5hT:rdYuU0RD38ipnexl15h
Score

9^/10

discovery rootkit
- Contacts a large (107108) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit