mirai | 696ad18e6cab6debbde8a4ddf3579140c2260cfb189f0dc47bb442c29f86ccaa | Triage

Sharing

General

Target

x86_64
Size

53KB
Sample

250216-3zalkatjap
MD5

b7ed0508aa46b3cf5466830246724b92
SHA1

c272358e33146fc7f75a88f4e3bf91d737859a1d
SHA256

696ad18e6cab6debbde8a4ddf3579140c2260cfb189f0dc47bb442c29f86ccaa
SHA512

ad87540adf41366bdb034a0f47b57486977f4ac71b4a1f89d4e8bc57858b05549dfa08e8f30e927565ed0ba3f701b0cd906764acc0a95ab9452611cf55010af9
SSDEEP

1536:KHyLXlX4enUw0iw6rlM1AeG3GwKlFRkku33:LLXloeUw016r+1Ab3GwKlF833

Score

10^/10

mirai kurc defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  x86_64
- Size
  
  53KB
- MD5
  
  b7ed0508aa46b3cf5466830246724b92
- SHA1
  
  c272358e33146fc7f75a88f4e3bf91d737859a1d
- SHA256
  
  696ad18e6cab6debbde8a4ddf3579140c2260cfb189f0dc47bb442c29f86ccaa
- SHA512
  
  ad87540adf41366bdb034a0f47b57486977f4ac71b4a1f89d4e8bc57858b05549dfa08e8f30e927565ed0ba3f701b0cd906764acc0a95ab9452611cf55010af9
- SSDEEP
  
  1536:KHyLXlX4enUw0iw6rlM1AeG3GwKlFRkku33:LLXloeUw016r+1Ab3GwKlF833
Score

9^/10

defense_evasion discovery
- Contacts a large (6404) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery