mirai | a1a0e12ae15013252368016e9636d2e5538ff845a50acfccdd285358c5b6aff8 | Triage

Sharing

General

Target

reap.sh
Size

1KB
Sample

250102-pz7peavpfl
MD5

39f93bd4fd9d3c98d3386af5ec10af82
SHA1

dba182c5eb6d6ecf60c260671c085e7603e757d0
SHA256

a1a0e12ae15013252368016e9636d2e5538ff845a50acfccdd285358c5b6aff8
SHA512

944d38eaf0514a40d37850a97d00ce594a4c69452b3713bbfa06bea0369980becbb4a0af900c81e4fb122bf3b9e03ae82cba164df4e0e4673094d1c95be4c169

Score

10^/10

mirai sora antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  reap.sh
- Size
  
  1KB
- MD5
  
  39f93bd4fd9d3c98d3386af5ec10af82
- SHA1
  
  dba182c5eb6d6ecf60c260671c085e7603e757d0
- SHA256
  
  a1a0e12ae15013252368016e9636d2e5538ff845a50acfccdd285358c5b6aff8
- SHA512
  
  944d38eaf0514a40d37850a97d00ce594a4c69452b3713bbfa06bea0369980becbb4a0af900c81e4fb122bf3b9e03ae82cba164df4e0e4673094d1c95be4c169
Score

10^/10

mirai sora botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (2492417) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdefense_evasiondiscovery

behavioral2

miraisoraantivmbotnetdefense_evasiondiscovery

behavioral3

miraisorabotnetdefense_evasiondiscovery

behavioral4

miraisorabotnetdefense_evasiondiscovery