mirai | 28dc0d138ce29791960807af2751f548f052071ea8bd97978844fd41bd6716fa | Triage

Sharing

General

Target

huhu.sh
Size

612B
Sample

250203-zlplsavkhk
MD5

03e98be4a12a9568c29a2af67f0203e6
SHA1

4081ba65d287eb000bc8acf85450576502f320c0
SHA256

28dc0d138ce29791960807af2751f548f052071ea8bd97978844fd41bd6716fa
SHA512

c544a875edc33cd939ff88737d1a04a59181a0fd2febc6742b8e6412640e975c02e4430c5f88ed8217de48ef9187b3a68a7524be71b7191b8fc76c8c30764f6b

Score

10^/10

mirai botnet defense_evasion linux

Malware Config

Extracted

Family

mirai

C2

gay.nguyenletriloc.pro

Targets

- Target
  
  huhu.sh
- Size
  
  612B
- MD5
  
  03e98be4a12a9568c29a2af67f0203e6
- SHA1
  
  4081ba65d287eb000bc8acf85450576502f320c0
- SHA256
  
  28dc0d138ce29791960807af2751f548f052071ea8bd97978844fd41bd6716fa
- SHA512
  
  c544a875edc33cd939ff88737d1a04a59181a0fd2febc6742b8e6412640e975c02e4430c5f88ed8217de48ef9187b3a68a7524be71b7191b8fc76c8c30764f6b
Score

10^/10

mirai botnet defense_evasion
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Deletes itself
- Executes dropped EXE
- Traces itself
  Traces itself to prevent debugging attempts
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraibotnetdefense_evasion

behavioral2

miraibotnetdefense_evasion

behavioral3

miraibotnetdefense_evasion

behavioral4

miraibotnetdefense_evasion