mirai | c632725093e64d00e75fd6ac65faa0b27880419911c47b99319fae9a92e845f8 | Triage

Sharing

General

Target

l.sh
Size

1KB
Sample

241228-l7cmfsxqer
MD5

f1bc5c9578ad5b69e09a58a6b3721b64
SHA1

b7ce08c279c3c9c846a9f8edb4214e7fc4a40d72
SHA256

c632725093e64d00e75fd6ac65faa0b27880419911c47b99319fae9a92e845f8
SHA512

5afccb744365dc43090fa8c18e965708c3e45f8239268a31e2453cc3c32ff7bab095fc1718d2f89d3c597770c973a000722b4cba95c78896b1e63a92dba93788

Score

10^/10

mirai botnet botnet defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  l.sh
- Size
  
  1KB
- MD5
  
  f1bc5c9578ad5b69e09a58a6b3721b64
- SHA1
  
  b7ce08c279c3c9c846a9f8edb4214e7fc4a40d72
- SHA256
  
  c632725093e64d00e75fd6ac65faa0b27880419911c47b99319fae9a92e845f8
- SHA512
  
  5afccb744365dc43090fa8c18e965708c3e45f8239268a31e2453cc3c32ff7bab095fc1718d2f89d3c597770c973a000722b4cba95c78896b1e63a92dba93788
Score

10^/10

mirai botnet botnet defense_evasion discovery execution persistence privilege_escalatio
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio