mirai | 6c568bd265a5c182913cd277c88a151c797dfeb05244edaf156dea1b389a0baa | Triage

Sharing

General

Target

51.79.141.121-sora.sh-2024-12-29T211113.sh
Size

2KB
Sample

241229-1gfczsxngy
MD5

0569b09a5951d5fe444efa1892b87687
SHA1

0d3df40a37ec718be33d83c1c9a962e982a51d17
SHA256

6c568bd265a5c182913cd277c88a151c797dfeb05244edaf156dea1b389a0baa
SHA512

fbdf5cd3d7ee86f61d205e2745661444152304f594c73562a5b7d59adfdfed3adadbb59954afb7618f64d29e283ef15e1dfaf82cef3a79dc74c08cda5580b11d

Score

10^/10

mirai condi antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

CONDI

C2

botnet.tfmobile.store

report.tfmobile.store

Extracted

Family

mirai

Botnet

CONDI

C2

botnet.tfmobile.store

Targets

- Target
  
  51.79.141.121-sora.sh-2024-12-29T211113.sh
- Size
  
  2KB
- MD5
  
  0569b09a5951d5fe444efa1892b87687
- SHA1
  
  0d3df40a37ec718be33d83c1c9a962e982a51d17
- SHA256
  
  6c568bd265a5c182913cd277c88a151c797dfeb05244edaf156dea1b389a0baa
- SHA512
  
  fbdf5cd3d7ee86f61d205e2745661444152304f594c73562a5b7d59adfdfed3adadbb59954afb7618f64d29e283ef15e1dfaf82cef3a79dc74c08cda5580b11d
Score

10^/10

mirai condi botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (46061) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraicondibotnetdefense_evasiondiscovery

behavioral2

miraicondiantivmbotnetdefense_evasiondiscovery

behavioral3

miraicondibotnetdefense_evasiondiscovery

behavioral4

miraicondibotnetdefense_evasiondiscovery