mirai | 6b3a20fef3ff1544248fc1eb75d80c40f271a4d36ff1aca707999b328e50a29b | Triage

Sharing

General

Target

x86_64.elf
Size

51KB
Sample

250119-r5vm5s1rdw
MD5

d8689cc8fac18781286f567d27cfea0a
SHA1

693b41e72e82be77289584dbd00cf9a960b7a5f8
SHA256

6b3a20fef3ff1544248fc1eb75d80c40f271a4d36ff1aca707999b328e50a29b
SHA512

44bbf89d0228238395797d5afc297c4545124f7ee72f51ef05450e0c0b7bc85a48a586f7b3d1c0f49cbde61483e39ed3b8ca4979113abe5f35dc9a26c4ddefdb
SSDEEP

1536:Dow9RmOpUUau3yD+YCJm4m3gDuueWuOMcKG+p:8uRhCRAymJmRgfeWu3G+p

Score

10^/10

mirai mirai discovery linux

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

botnet.goelites.cc

Targets

- Target
  
  x86_64.elf
- Size
  
  51KB
- MD5
  
  d8689cc8fac18781286f567d27cfea0a
- SHA1
  
  693b41e72e82be77289584dbd00cf9a960b7a5f8
- SHA256
  
  6b3a20fef3ff1544248fc1eb75d80c40f271a4d36ff1aca707999b328e50a29b
- SHA512
  
  44bbf89d0228238395797d5afc297c4545124f7ee72f51ef05450e0c0b7bc85a48a586f7b3d1c0f49cbde61483e39ed3b8ca4979113abe5f35dc9a26c4ddefdb
- SSDEEP
  
  1536:Dow9RmOpUUau3yD+YCJm4m3gDuueWuOMcKG+p:8uRhCRAymJmRgfeWu3G+p
Score

7^/10

discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1