mirai | c2208a7e40e80f4b94ae9700432f2ff7de5aeb6c5a98b01fe2437e2fb573601f | Triage

Sharing

General

Target

c2208a7e40e80f4b94ae9700432f2ff7de5aeb6c5a98b01fe2437e2fb573601f
Size

86KB
Sample

250203-ms1lea1jgj
MD5

a6b62a5dfc8c6d736dfb75920fa16697
SHA1

d8ffa31d8a26943aa46f9f31a43eac84e171ffb0
SHA256

c2208a7e40e80f4b94ae9700432f2ff7de5aeb6c5a98b01fe2437e2fb573601f
SHA512

65e23e663c19ce43ecd87c4d78bcecedc0bf72aef95f7a4296c2c0dcc1f820b237c9c55065be2dc894302e6752b17274aa89ff37e88a5745cc93531d153cd292
SSDEEP

1536:VwjrooP6LS1c/s9knEDoF3k5azHnZWyFpC:WjrooPyS1cm4Hn

Score

10^/10

mirai credential_access defense_evasion

Malware Config

Targets

- Target
  
  c2208a7e40e80f4b94ae9700432f2ff7de5aeb6c5a98b01fe2437e2fb573601f
- Size
  
  86KB
- MD5
  
  a6b62a5dfc8c6d736dfb75920fa16697
- SHA1
  
  d8ffa31d8a26943aa46f9f31a43eac84e171ffb0
- SHA256
  
  c2208a7e40e80f4b94ae9700432f2ff7de5aeb6c5a98b01fe2437e2fb573601f
- SHA512
  
  65e23e663c19ce43ecd87c4d78bcecedc0bf72aef95f7a4296c2c0dcc1f820b237c9c55065be2dc894302e6752b17274aa89ff37e88a5745cc93531d153cd292
- SSDEEP
  
  1536:VwjrooP6LS1c/s9knEDoF3k5azHnZWyFpC:WjrooPyS1cm4Hn
Score

7^/10

credential_access defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasion