mirai | ce9a5d9b5c25ecfcde1c946901db42efdfa881de812e2a1cab84b1650b057a7a | Triage

Sharing

General

Target

GuruITDDoS3.sh
Size

2KB
Sample

241227-hqtymaspfw
MD5

c01f89f66afa819108643774b814bfaf
SHA1

abde31c7a7b764f70527ef07b3f57a9993b949b8
SHA256

ce9a5d9b5c25ecfcde1c946901db42efdfa881de812e2a1cab84b1650b057a7a
SHA512

a5e94401ba1d9e605e4c65143c57eb3235ee0a6a63f71e55a129e57cf6252c33f51aa2ee46271796d7b21f28eb1cbbbd6fa0d380de376714dcc17e05ebd06f80

Score

10^/10

mirai demons antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

DEMONS

Targets

- Target
  
  GuruITDDoS3.sh
- Size
  
  2KB
- MD5
  
  c01f89f66afa819108643774b814bfaf
- SHA1
  
  abde31c7a7b764f70527ef07b3f57a9993b949b8
- SHA256
  
  ce9a5d9b5c25ecfcde1c946901db42efdfa881de812e2a1cab84b1650b057a7a
- SHA512
  
  a5e94401ba1d9e605e4c65143c57eb3235ee0a6a63f71e55a129e57cf6252c33f51aa2ee46271796d7b21f28eb1cbbbd6fa0d380de376714dcc17e05ebd06f80
Score

10^/10

mirai demons botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraidemonsbotnetdefense_evasiondiscovery

behavioral2

miraidemonsantivmbotnetdefense_evasiondiscovery

behavioral3

miraidemonsbotnetdefense_evasiondiscovery

behavioral4

miraidemonsbotnetdefense_evasiondiscovery