mirai | 6b96dc9fbe7791cc5c0af51ca9b107ccfac66652fa65693251ce23beb772635f | Triage

Sharing

General

Target

696-1-0x00400000-0x0042fd9c-memory.dmp
Size

125KB
Sample

241212-r93jjszkfk
MD5

25e2acba09e1416b972bb0350db65db1
SHA1

8844664a2dd638ccb809a4726c0287f1e998a03d
SHA256

6b96dc9fbe7791cc5c0af51ca9b107ccfac66652fa65693251ce23beb772635f
SHA512

e94474b615fc3f80cef30d164791cfd3b2318e6dd63236be78a93a308bea2b36585a58095a726d58b86cba67a865fa645388824aab5b3696af46c66da8d699b3
SSDEEP

1536:7VjipKe6+n9VIoLXAsSh8H0PN5nfIll4OnKpYeMjcy9CcbDrLFhIEl363q:xjipKp+nHXnH0PYlTh9/3Gq

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  696-1-0x00400000-0x0042fd9c-memory.dmp
- Size
  
  125KB
- MD5
  
  25e2acba09e1416b972bb0350db65db1
- SHA1
  
  8844664a2dd638ccb809a4726c0287f1e998a03d
- SHA256
  
  6b96dc9fbe7791cc5c0af51ca9b107ccfac66652fa65693251ce23beb772635f
- SHA512
  
  e94474b615fc3f80cef30d164791cfd3b2318e6dd63236be78a93a308bea2b36585a58095a726d58b86cba67a865fa645388824aab5b3696af46c66da8d699b3
- SSDEEP
  
  1536:7VjipKe6+n9VIoLXAsSh8H0PN5nfIll4OnKpYeMjcy9CcbDrLFhIEl363q:xjipKp+nHXnH0PYlTh9/3Gq
Score

9^/10

defense_evasion discovery
- Contacts a large (93129) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery