mirai | 6f6de7f166f98d6391f52362327abeae69469b3dd8e09db11c11615a2c5cb31f | Triage

Sharing

General

Target

l.sh
Size

240B
Sample

250101-tlrs9a1qbw
MD5

e2102b077fa0da3be5a5b07b22a34d20
SHA1

629a840f9cbd82d8126f2e6b26f4668af8757f10
SHA256

6f6de7f166f98d6391f52362327abeae69469b3dd8e09db11c11615a2c5cb31f
SHA512

3db852f800118e0a6343e3d121db6eeb851ae72856ec4e7b07edb665e151811b2b6435706795370550cdeaf8b9816b64d42e6c317a1b6c781660905876873fdf

Score

10^/10

mirai botnet botnet defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  l.sh
- Size
  
  240B
- MD5
  
  e2102b077fa0da3be5a5b07b22a34d20
- SHA1
  
  629a840f9cbd82d8126f2e6b26f4668af8757f10
- SHA256
  
  6f6de7f166f98d6391f52362327abeae69469b3dd8e09db11c11615a2c5cb31f
- SHA512
  
  3db852f800118e0a6343e3d121db6eeb851ae72856ec4e7b07edb665e151811b2b6435706795370550cdeaf8b9816b64d42e6c317a1b6c781660905876873fdf
Score

10^/10

mirai botnet botnet defense_evasion discovery execution persistence privilege_escalatio
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio