mirai | 1b8b5cc9cb64473380cd6898f7580339f38a3cd6e7f90d1768c7842e998bb3ed | Triage

Sharing

General

Target

RpcSecurity.x86.elf
Size

54KB
Sample

241227-f8aatssmbm
MD5

7e83ac9f8b9ae088c5336df0d874926f
SHA1

a5fe7d25942a9f04f8a4cfb57d5781d7042a48d5
SHA256

1b8b5cc9cb64473380cd6898f7580339f38a3cd6e7f90d1768c7842e998bb3ed
SHA512

0e4dda062bb583dad01c1a9ab9018303003dce5078c30af63b222fa82b93f4fc19bc0bdd6e8f4c3024b0d9502470bbf26238ea991f08ded59e040b89f3156d2b
SSDEEP

768:FmnthEsW5qnF15RY1dhPe7oXTmcfDj5gk9vWnTI4eBH+4sToQLDKFv:Yn/EsW5qhSh6am0lWnU4GH+dNLY

Score

10^/10

mirai demons discovery linux

Malware Config

Extracted

Family

mirai

Botnet

DEMONS

Targets

- Target
  
  RpcSecurity.x86.elf
- Size
  
  54KB
- MD5
  
  7e83ac9f8b9ae088c5336df0d874926f
- SHA1
  
  a5fe7d25942a9f04f8a4cfb57d5781d7042a48d5
- SHA256
  
  1b8b5cc9cb64473380cd6898f7580339f38a3cd6e7f90d1768c7842e998bb3ed
- SHA512
  
  0e4dda062bb583dad01c1a9ab9018303003dce5078c30af63b222fa82b93f4fc19bc0bdd6e8f4c3024b0d9502470bbf26238ea991f08ded59e040b89f3156d2b
- SSDEEP
  
  768:FmnthEsW5qnF15RY1dhPe7oXTmcfDj5gk9vWnTI4eBH+4sToQLDKFv:Yn/EsW5qhSh6am0lWnU4GH+dNLY
Score

6^/10

discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1