mirai | bd9b1ca0955d86c6f82da5ceca271ef7a4c7a95b4d80a09fb561872528bb977b | Triage

Sharing

General

Target

1502-1-0x0000000008048000-0x000000000805d9e0-memory.dmp
Size

84KB
Sample

241227-q4l4yawkat
MD5

51caf66dd442ff60db9ca36dcd435c79
SHA1

320f636510bf0bf02077b40b133fcaab40ca1878
SHA256

bd9b1ca0955d86c6f82da5ceca271ef7a4c7a95b4d80a09fb561872528bb977b
SHA512

64aa28386a021295fe2e121b15b32a82845d90b622703c1d0b612d67589aef3cda0453ec34785c5f4fb4855a8b7734baa3b9dd5d3904ee5b42edc84d59f3ac47
SSDEEP

1536:yqjw0gDBlFIBKkC4GGJ8EAnt7HG1Ax2BQ6JBkmHrkDApY3G:yqFgDBlKBKkC4GPtOA2BHWmHrIw

Score

10^/10

mirai unstable discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

- Target
  
  1502-1-0x0000000008048000-0x000000000805d9e0-memory.dmp
- Size
  
  84KB
- MD5
  
  51caf66dd442ff60db9ca36dcd435c79
- SHA1
  
  320f636510bf0bf02077b40b133fcaab40ca1878
- SHA256
  
  bd9b1ca0955d86c6f82da5ceca271ef7a4c7a95b4d80a09fb561872528bb977b
- SHA512
  
  64aa28386a021295fe2e121b15b32a82845d90b622703c1d0b612d67589aef3cda0453ec34785c5f4fb4855a8b7734baa3b9dd5d3904ee5b42edc84d59f3ac47
- SSDEEP
  
  1536:yqjw0gDBlFIBKkC4GGJ8EAnt7HG1Ax2BQ6JBkmHrkDApY3G:yqFgDBlKBKkC4GPtOA2BHWmHrIw
Score

9^/10

discovery rootkit
- Contacts a large (191899) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit