mirai | 8de33221d6d2c4845384f131583dbae52cb5eb1571311e26ca03566fc6d0740f | Triage

Sharing

General

Target

8de33221d6d2c4845384f131583dbae52cb5eb1571311e26ca03566fc6d0740f.unknown
Size

610B
Sample

241229-czs5sszla1
MD5

92d13edccd8d4b5832ee62c441c24785
SHA1

dbb27ddb5dca8aead2e72e887c24cfce68947a22
SHA256

8de33221d6d2c4845384f131583dbae52cb5eb1571311e26ca03566fc6d0740f
SHA512

d3f9223e692eff6ec1e5067555f05bf676489959fddddf3f890afa8006ae0c27500d61fabfcff3d14d1f03acd0f573b1cd61a1ee78ce16e9da4b075a03cd606a

Score

10^/10

mirai botnet botnet defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  8de33221d6d2c4845384f131583dbae52cb5eb1571311e26ca03566fc6d0740f.unknown
- Size
  
  610B
- MD5
  
  92d13edccd8d4b5832ee62c441c24785
- SHA1
  
  dbb27ddb5dca8aead2e72e887c24cfce68947a22
- SHA256
  
  8de33221d6d2c4845384f131583dbae52cb5eb1571311e26ca03566fc6d0740f
- SHA512
  
  d3f9223e692eff6ec1e5067555f05bf676489959fddddf3f890afa8006ae0c27500d61fabfcff3d14d1f03acd0f573b1cd61a1ee78ce16e9da4b075a03cd606a
Score

10^/10

mirai botnet botnet defense_evasion discovery execution persistence privilege_escalatio
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio