mirai | 8b41d5f588ba7f38a91c67da9a6fb04bcb51eb0788423e1e8a1c546dc8fc615a | Triage

Sharing

General

Target

92d13edccd8d4b5832ee62c441c24785.bin
Size

611B
Sample

241230-b2ql1stlgv
MD5

a1859eef9ebe3a5c861a2a9845936750
SHA1

cbaa080524fe369ce36a1dff9a738365e87d98d2
SHA256

8b41d5f588ba7f38a91c67da9a6fb04bcb51eb0788423e1e8a1c546dc8fc615a
SHA512

01c7a0f8809ccb6440147a80c1f2869f5dcb4d8a44ebdecad0289d52a4f497ebdf573a2767bb492500bfba2e48b1aa9710bc48c3448924e0bcd3796f1a8839b5

Score

10^/10

mirai botnet botnet defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  8de33221d6d2c4845384f131583dbae52cb5eb1571311e26ca03566fc6d0740f.unknown
- Size
  
  610B
- MD5
  
  92d13edccd8d4b5832ee62c441c24785
- SHA1
  
  dbb27ddb5dca8aead2e72e887c24cfce68947a22
- SHA256
  
  8de33221d6d2c4845384f131583dbae52cb5eb1571311e26ca03566fc6d0740f
- SHA512
  
  d3f9223e692eff6ec1e5067555f05bf676489959fddddf3f890afa8006ae0c27500d61fabfcff3d14d1f03acd0f573b1cd61a1ee78ce16e9da4b075a03cd606a
Score

10^/10

mirai botnet botnet defense_evasion discovery execution persistence privilege_escalatio
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio