mirai | d44a882c31ec7c996cf327ac75602b8465e7f42ca4fae81cedd49b72ccd6b9e7 | Triage

Sharing

General

Target

715-1-0x00400000-0x00430f8c-memory.dmp
Size

129KB
Sample

241212-sa296szlak
MD5

7af32aab164e74c0ce53a430b629edcc
SHA1

bf05c3f15c7f6e6fa38308809d5ead8f11c2dc91
SHA256

d44a882c31ec7c996cf327ac75602b8465e7f42ca4fae81cedd49b72ccd6b9e7
SHA512

aabd781df2caab2ce3fde1f3f1565e3a51d6f8e91c5da3b6b523e6fb64f8d0fda9fb055859bb2258f5d5387f92d89099f8e69fda6223afe06c3c1290674138c1
SSDEEP

3072:4kP+ptzQB0sTv6s3B4hagrUcgxNN1qVOVZ8Fb1laW4K:4kP+ptzQB0I3KhagrUxMFb1laW4K

Score

10^/10

mirai botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  715-1-0x00400000-0x00430f8c-memory.dmp
- Size
  
  129KB
- MD5
  
  7af32aab164e74c0ce53a430b629edcc
- SHA1
  
  bf05c3f15c7f6e6fa38308809d5ead8f11c2dc91
- SHA256
  
  d44a882c31ec7c996cf327ac75602b8465e7f42ca4fae81cedd49b72ccd6b9e7
- SHA512
  
  aabd781df2caab2ce3fde1f3f1565e3a51d6f8e91c5da3b6b523e6fb64f8d0fda9fb055859bb2258f5d5387f92d89099f8e69fda6223afe06c3c1290674138c1
- SSDEEP
  
  3072:4kP+ptzQB0sTv6s3B4hagrUcgxNN1qVOVZ8Fb1laW4K:4kP+ptzQB0I3KhagrUxMFb1laW4K
Score

9^/10

defense_evasion discovery
- Contacts a large (108497) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery