mirai | 09e9f78247105e4500f5722131940080633c40ba32803d3f4b5b370ae5ae6233 | Triage

Sharing

General

Target

Oblivion121.sh
Size

1KB
Sample

241215-mpmv5stkel
MD5

90e5e43e5d798a41934d7f30e8208b24
SHA1

0748835c71a1c54c8ea6bc7d0baf831f12eb0ef7
SHA256

09e9f78247105e4500f5722131940080633c40ba32803d3f4b5b370ae5ae6233
SHA512

ea39caa2f2242cd2c46b6f8841fb6e4bb8defdb2fb2dfb831f0dde5cee12707dc1aebc920c1e0834bcc7fab1aeb5caf69cf3ba56f1e6d9a5b9c4bd7b87020032

Score

10^/10

mirai mirai antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  Oblivion121.sh
- Size
  
  1KB
- MD5
  
  90e5e43e5d798a41934d7f30e8208b24
- SHA1
  
  0748835c71a1c54c8ea6bc7d0baf831f12eb0ef7
- SHA256
  
  09e9f78247105e4500f5722131940080633c40ba32803d3f4b5b370ae5ae6233
- SHA512
  
  ea39caa2f2242cd2c46b6f8841fb6e4bb8defdb2fb2dfb831f0dde5cee12707dc1aebc920c1e0834bcc7fab1aeb5caf69cf3ba56f1e6d9a5b9c4bd7b87020032
Score

10^/10

mirai mirai botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (34482) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraimiraibotnetdefense_evasiondiscovery

behavioral2

miraimiraiantivmbotnetdefense_evasiondiscovery

behavioral3

miraimiraibotnetdefense_evasiondiscovery

behavioral4

miraimiraibotnetdefense_evasiondiscovery