Overview

overview

10

Static

static

10

250103/Aqua.arm4

debian-12-armhf

1

250103/Aqua.arm5

debian-9-armhf

7

250103/Aqua.arm6

debian-9-armhf

1

250103/Aqua.arm7

debian-12-armhf

7

250103/Aqua.i686

ubuntu-22.04-amd64

7

250103/Aqua.m68k

ubuntu-18.04-amd64

250103/Aqua.m68k

debian-9-armhf

250103/Aqua.m68k

debian-9-mips

250103/Aqua.m68k

debian-9-mipsel

250103/Aqua.mips

debian-9-mips

7

250103/Aqua.mips.1

debian-9-mips

7

250103/Aqua.mpsl

debian-12-mipsel

250103/Aqua.ppc

ubuntu-18.04-amd64

250103/Aqua.ppc

debian-9-armhf

250103/Aqua.ppc

debian-9-mips

250103/Aqua.ppc

debian-9-mipsel

250103/Aqua.sh4

ubuntu-18.04-amd64

250103/Aqua.sh4

debian-9-armhf

250103/Aqua.sh4

debian-9-mips

250103/Aqua.sh4

debian-9-mipsel

250103/Aqua.x86

ubuntu-20.04-amd64

7

250103/Aqua.x86_64

ubuntu-22.04-amd64

7

250103/random.sh

windows7-x64

3

250103/random.sh

windows10-2004-x64

3

250103/rmod.sh

windows7-x64

3

250103/rmod.sh

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed71cd9ff18c0b4d79ded9c8798e5c99de85986a30a46ad25f40c4e8d6f0ce23

  • Size

    530KB

  • Sample

    250102-3y9z2atpap

  • MD5

    16de11a73c5e5bbf2a9f7229851d0c0f

  • SHA1

    9437d131ec31190fd2bb6146b9e6b70819380bd2

  • SHA256

    ed71cd9ff18c0b4d79ded9c8798e5c99de85986a30a46ad25f40c4e8d6f0ce23

  • SHA512

    caee4ea5bd53420149afd2ebfb500ba8ea1d5c1603ace69cccd4a91b0f12d27416b45da4c93d33f53207910003b71dec7f6d6bd72602a1caf66879a780dd66ab

  • SSDEEP

    12288:AYYfgNsyEt/zsqpRamdUcV/TxyX6HJjmXMl28DhoimWOaxyXj:AYAgNs2iEmdZ74UJKXMlvXv4j

Score
10/10
miraibotnetdiscoverylinux

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

C2

89.190.156.145

boats.dogmuncher.xyz

Extracted

Family

mirai

Botnet

BOTNET

C2

boats.dogmuncher.xyz

89.190.156.145

Extracted

Family

mirai

Botnet

BOTNET

C2

boats.dogmuncher.xyz

89.190.156.145

Extracted

Family

mirai

Botnet

BOTNET

C2

boats.dogmuncher.xyz

89.190.156.145

Extracted

Family

mirai

C2

89.190.156.145

Extracted

Family

mirai

Botnet

BOTNET

C2

boats.dogmuncher.xyz

Targets

    • Target

      250103/Aqua.arm4

    • Size

      75KB

    • MD5

      721641131718ddf892ca8729261f7a36

    • SHA1

      581fd24649b530a7b2b2142020c933d1fcab1234

    • SHA256

      013977ba03fdd2813f040aa0bc68cca0867f077cf8c9841e225cec42e81d3479

    • SHA512

      32306daadb6b2226e446cdc13e68deaae23f4be71e0dfabf1b9a90f9f1f26960b5e8a3e86ad631161f0da4e320f9f042b7d0449dba45619eca21cca5c85fa00c

    • SSDEEP

      1536:9U+v4c3K0sEl3Lr1WvKnVzOM5OaI1bmC4TJuwiSim:9U+DDb+KnVaft4R

    Score
    1/10
    behavioral1

    • Target

      250103/Aqua.arm5

    • Size

      73KB

    • MD5

      a81b3e1b08e1dd38ed320248960f0a22

    • SHA1

      e6caa95820ed9a3ac2721bb35d5141b95f58bb6f

    • SHA256

      2410442b2a9913ba91920c26238e93c6d54d2938d58474c3b3fe1bd15548247e

    • SHA512

      5b492fd9d7023140c05e1160e5b8b911e20a7b560942a348cce369d79d72e715c22f84bd21b050cca9a341967dc3305c3e3cb517ebecce8b8bd12dab2a651a82

    • SSDEEP

      1536:0ywMg00kq9ASzNW1vUTYM5ONh5TmM0FHzwUhIuSim:0ywWjSgvUUbw5zD2

    Score
    7/10
    discovery

    • Deletes itself

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral2

    • Target

      250103/Aqua.arm6

    • Size

      81KB

    • MD5

      c34f2fa7eead09c23b335df057c5101c

    • SHA1

      1430184750efa343ae1a91ea92d5f2ffb58ead45

    • SHA256

      13cddaa9a9e855e301a9341006229b46dd5faedd8d3b851f9bbac3f66de30cb4

    • SHA512

      5485a3fdcd27eb42dd93c0fa2f191ea7261652a38f32d0394be6b4def7391ec5743471beec687c983087cda3ecabe6f3ededf60684817fca5b11cf560fdf1bbf

    • SSDEEP

      1536:A0nWakNZidminK0nOBYIfk0WaH2zkt2Q2MFGiRTG/qVyi7sp5uSiLM:58ZP3Vk0WaHXpTG/qVyiwp0

    Score
    1/10
    behavioral3

    • Target

      250103/Aqua.arm7

    • Size

      154KB

    • MD5

      1021bcdbd3317439c8028eba6b621e08

    • SHA1

      ef6f92fd8b9ce15c0af8ff379cedc6a8ffc85a36

    • SHA256

      fc9ca464d8be8c202661ec5862c2b56b78f9cef824066d3dc32c3e58ee3a5f56

    • SHA512

      168cd371ee931004406232b5692b1d3eacd53f211cb607eca5c3b0b1cba131c8328f5de74354e5fd1a062f926372497bdfb26de7cacff67b6ff78d317f14a08b

    • SSDEEP

      3072:4f4fkx/LXeakFSesMI4oaZrS3FSO/DiEMmM/9nhJ+z+:4f4cx/7eakFSesMVoT3ESDiExM/93+a

    Score
    7/10
    discovery

    • Deletes itself

    behavioral4

    • Target

      250103/Aqua.i686

    • Size

      65KB

    • MD5

      a44f59525e746cd6323e3adcfbba2bf6

    • SHA1

      daaa5ffa4492890f89343f02f86b4a54f9620dd5

    • SHA256

      493d8e62473aa1253db8c265ff5577f65f4e58d8a63759c15154d3b937d02f14

    • SHA512

      65c2473b6a813e61c1918884b2db07988451f9fccfac8d7eb4ff633ec3741433c6d20341ac2dcc6bf11b89174f5f6f34194eec29d8170c4d279877b3b5ff66e3

    • SSDEEP

      1536:6ls7IFtUITcmQSqwCUBakXxn73WHs/Zd/tesn3Y9RPJQR3xjpx:6lsEFtfTHqwCUBakXViM/Zd/tes3iYx

    Score
    7/10
    discovery

    • Deletes itself

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral5

    • Target

      250103/Aqua.m68k

    • Size

      83KB

    • MD5

      62ef118d38aecc7759a26f6ca0bfed50

    • SHA1

      7a4df8000c6952421d68b08ace4332a5715f6108

    • SHA256

      5fb894a13c669f3b74fc7b18cca3925a3396b1d782ef352c0388b6aff3dee3f2

    • SHA512

      9a082fc2e44ad24ed14e4dd62a6a1f3f037c763b722a109d26b20a59203ff0c1561e7a955d6c0dbdc43338a1fd87f2c1093903a207a85544de2f3f05342cbc63

    • SSDEEP

      1536:88FQVjwp0mUTAM8f0yJ3D3oRGcIifvx5Z30w5N6oVY+xut0aV:88FUw+mUTAOyJ3DaIMvxjEJUY+xgBV

    Score
    1/10
    behavioral6behavioral7behavioral8behavioral9

    • Target

      250103/Aqua.mips

    • Size

      99KB

    • MD5

      b0cb7b6d60333527dbc0219c8a89007a

    • SHA1

      a203f1026b8be2dcec10197733bf04ae1a29d97f

    • SHA256

      d17bea13321535fbc4875edca84dfd6878dd09a4ecc7a57d4b41f1396d3ce3d8

    • SHA512

      d4ed414c3a7122012245ae4d954930db679a8dca078c4f5e047969eeae9ae71fc6bd6d0c01761bc066ecb97a4f512d03c5fe54d58944aea691e5b02abe392a76

    • SSDEEP

      1536:rzpIP811qxa0qw1KLIpPdB/o3T8e9m4//QSiWL7:JIP8HqvPdFo3TN/bL7

    Score
    7/10
    discovery

    • Deletes itself

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral10

    • Target

      250103/Aqua.mips.1

    • Size

      99KB

    • MD5

      b0cb7b6d60333527dbc0219c8a89007a

    • SHA1

      a203f1026b8be2dcec10197733bf04ae1a29d97f

    • SHA256

      d17bea13321535fbc4875edca84dfd6878dd09a4ecc7a57d4b41f1396d3ce3d8

    • SHA512

      d4ed414c3a7122012245ae4d954930db679a8dca078c4f5e047969eeae9ae71fc6bd6d0c01761bc066ecb97a4f512d03c5fe54d58944aea691e5b02abe392a76

    • SSDEEP

      1536:rzpIP811qxa0qw1KLIpPdB/o3T8e9m4//QSiWL7:JIP8HqvPdFo3TN/bL7

    Score
    7/10
    discovery

    • Deletes itself

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral11

    • Target

      250103/Aqua.mpsl

    • Size

      99KB

    • MD5

      7bb031dae70313f86cea566e1f9befb8

    • SHA1

      df961a253539710d0536f4d71ab99e427182652d

    • SHA256

      870cdb772ccaccbec226b36358940b116d95502bad2b55d2b4fb52478dd27cec

    • SHA512

      01986c08f0c6e87017086355d8589dfba08a47b59af37de6b9655a924973a402133bf17c4ccb7229e4e8a5484f69c02c21d1d108f3c6f28429f837c0dc2adbdc

    • SSDEEP

      1536:jHUYxWHuWXEtOs23Mq4WEqMRsiCzZXTvgstW4CZJqewYVn2GJXTAYWg2GSio:j0YxWHqyyaFXTvDHCxrt1Y

    Score
    1/10
    behavioral12

    • Target

      250103/Aqua.ppc

    • Size

      73KB

    • MD5

      009884f40a50ec95e6dbe68e74b95849

    • SHA1

      2326ae5ab602a0581516f0e9e39e9ddcd7fb8772

    • SHA256

      18f5a1e9178dc7240de21b443a8e48a570b1dacae3d757867cdb54535d923070

    • SHA512

      f2a6a3b284eda628eecfd89bf4bdaf004d470b16d7030c6b286b0b1cf047468552bde41495cba182a6598d226417c38b904b32d0fa6f57d840c7014ed4a8d135

    • SSDEEP

      1536:wbsadsBVtHmwJ0wTeAl4HfmMtcImnTLURfeh22ySirrDBDr:Zstv+MtcImLNEh

    Score
    1/10
    behavioral13behavioral14behavioral15behavioral16

    • Target

      250103/Aqua.sh4

    • Size

      65KB

    • MD5

      70d2913d6f2d1238514161cca676e13d

    • SHA1

      cf58d229f88c62aa6a7bd884aab5230b6e0d9cea

    • SHA256

      f61f3685405e97dbf3641f3ce06c31f57aea75f6952e5b8c6b864d395441ed28

    • SHA512

      8c7ad6cf7526498e1790afbf0d24e6793bad672504b5311e2487671bfd2ad70a819a54e56bc49ae515f5babd256c309bf79ff4d901b155eec43f85cfca9f3d77

    • SSDEEP

      1536:aa+wt919FyvsRxBXjGYMKRJ0U/4qq0Cn4yGar0Sim:aZc9ovs31jGIRh4qq0tb09

    Score
    1/10
    behavioral17behavioral18behavioral19behavioral20

    • Target

      250103/Aqua.x86

    • Size

      61KB

    • MD5

      785339a085925778d164e6048a5db5db

    • SHA1

      d5a458fda72b4e38a12d07631c198414510e9e78

    • SHA256

      25d8cb0ef26bd4c82292428f59fddd9378e664da42eb027a209b30db6ec857bf

    • SHA512

      5186f196d8633a7343df1b8104cc1aadc804bb8965869cc7d24ab929ea86635e32fee72b0789c1760236925dc074dae458448eb928a2aababe39b6c25d0e2466

    • SSDEEP

      1536:hsJzVTBEV6t+sJ9b6Vc53mqmXyyIjcA3B969X81OwIO73:uJBVEV6tZ2c9mqmXy3jlBaM1D

    Score
    7/10
    discovery

    • Deletes itself

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral21

    • Target

      250103/Aqua.x86_64

    • Size

      70KB

    • MD5

      838baaa65a20330047a42081a59654fa

    • SHA1

      528cb4d37ca9ae231f32e6d1ab9d45b0f3b3e358

    • SHA256

      809cf04075f674041b0891cb94adb6169e2e9987077b64e9cde692b0e34fc892

    • SHA512

      4abe145e92052735d3461059922dfbb0f4df998bf654810301dcbebafeb086be1e2ad11581677b1a7b6249806fcd706df145088e4f2002b6263e011190dba27b

    • SSDEEP

      1536:GBEtqb9a7oY6uHhK0ygRZKbBqA36d/P57atD9kuQTGJ0OGjnV:htYQsYFwERYVqA36pPctD6TGOO+V

    Score
    7/10
    discovery

    • Deletes itself

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral22

    • Target

      250103/random.sh

    • Size

      1KB

    • MD5

      95bbe14ac6fcdd039906129c5a23d596

    • SHA1

      4ecce0daeb15c10384e784cc98aca114c50ad2c4

    • SHA256

      ee0faf107bf34a08c98f720ef0ff6225b14df94b50baa2d827451ad04f4d5971

    • SHA512

      d0240667d4c2eba2f1545e0bed499fffdd73c6a2d339ce338aa24c245b3d36700af374460b8a296365e7faf03c50f54936f24a686eaa9ea5d287a87f7e7b4bc3

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      250103/rmod.sh

    • Size

      1KB

    • MD5

      05612e856bdf17cfd379adf38241e581

    • SHA1

      b1dc7e7d92cb26aa6001992e46b1a11672e6ae41

    • SHA256

      6aeb240278be4c2ab48d1609c74cc3b8b6d49eb46d10cd1cd885ec1c64f7a8fd

    • SHA512

      b6d1bd9463be50975c1f2f1815496f861b87a08e831b4a538b9aa3ff4e543068a9d4b2cfac3bdd4c97fe29bab5c14f2470ffe4d9c71a8a4372163606e2c2c7b0

    Score
    3/10
    discovery
    behavioral25behavioral26

MITRE ATT&CK Enterprise v15

Tasks