mirai | 983236f0e5c08fc2af13b85407a482226ad4d5338ebd24fa436ef4e8ffd6e766 | Triage

Sharing

General

Target

983236f0e5c08fc2af13b85407a482226ad4d5338ebd24fa436ef4e8ffd6e766.sh
Size

1KB
Sample

250201-d17v1stnbq
MD5

b23395e3dbaff4ec82d7549849c16efe
SHA1

16b58b82874819194fe0d90a8b52d48a4af6475e
SHA256

983236f0e5c08fc2af13b85407a482226ad4d5338ebd24fa436ef4e8ffd6e766
SHA512

accc54fbcdc0096f88da0fe3625b1b39d8bbd1f69ab0a035300809a3a558aaf94dd9b8d3b247fb411ec1f65a06f3f7e69382dc1a8691cbc3c407badb89193a9c

Score

10^/10

mirai antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

C2

panel.daudau.org

Extracted

Family

mirai

C2

panel.daudau.org

Extracted

Family

mirai

C2

panel.daudau.org

Extracted

Family

mirai

C2

panel.daudau.org

Extracted

Family

mirai

C2

panel.daudau.org

Targets

- Target
  
  983236f0e5c08fc2af13b85407a482226ad4d5338ebd24fa436ef4e8ffd6e766.sh
- Size
  
  1KB
- MD5
  
  b23395e3dbaff4ec82d7549849c16efe
- SHA1
  
  16b58b82874819194fe0d90a8b52d48a4af6475e
- SHA256
  
  983236f0e5c08fc2af13b85407a482226ad4d5338ebd24fa436ef4e8ffd6e766
- SHA512
  
  accc54fbcdc0096f88da0fe3625b1b39d8bbd1f69ab0a035300809a3a558aaf94dd9b8d3b247fb411ec1f65a06f3f7e69382dc1a8691cbc3c407badb89193a9c
Score

10^/10

mirai botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (436128) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdefense_evasiondiscovery

behavioral2

miraiantivmbotnetdefense_evasiondiscovery

behavioral3

miraibotnetdefense_evasiondiscovery

behavioral4

miraibotnetdefense_evasiondiscovery