mirai | 9f3a25a217bdaa28e9a6ea433d61c03c89474285da0dba374f3e48ebfcc73e99 | Triage

Sharing

General

Target

ef215bf96b2be1b7631c1151f9d159f6_JaffaCakes118
Size

37KB
Sample

241214-recpmstrct
MD5

ef215bf96b2be1b7631c1151f9d159f6
SHA1

e2b10b00b947f9b2122cf7dddefcd1e4ca4d5d8f
SHA256

9f3a25a217bdaa28e9a6ea433d61c03c89474285da0dba374f3e48ebfcc73e99
SHA512

dc8af7eed3936e17dd1ce28e017fb9a39232438b1753144a95f3375a978108b5462ec8990f4038fa31b8379cdb78353c2dfbdabe2976204ca4ecc56368dff4e4
SSDEEP

768:Q/LL8N4VVnIce8sdNV9DRfJjXFnC5fHnvoovNYyU1uUOo/dNZpg7JmtmpLJlo/Co:8LgN4VVnretv9D5JjsUtK3HukO

Score

10^/10

mirai defense_evasion discovery

Malware Config

Targets

- Target
  
  ef215bf96b2be1b7631c1151f9d159f6_JaffaCakes118
- Size
  
  37KB
- MD5
  
  ef215bf96b2be1b7631c1151f9d159f6
- SHA1
  
  e2b10b00b947f9b2122cf7dddefcd1e4ca4d5d8f
- SHA256
  
  9f3a25a217bdaa28e9a6ea433d61c03c89474285da0dba374f3e48ebfcc73e99
- SHA512
  
  dc8af7eed3936e17dd1ce28e017fb9a39232438b1753144a95f3375a978108b5462ec8990f4038fa31b8379cdb78353c2dfbdabe2976204ca4ecc56368dff4e4
- SSDEEP
  
  768:Q/LL8N4VVnIce8sdNV9DRfJjXFnC5fHnvoovNYyU1uUOo/dNZpg7JmtmpLJlo/Co:8LgN4VVnretv9D5JjsUtK3HukO
Score

9^/10

defense_evasion discovery
- Contacts a large (23822) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery