mirai | 98519df50f45e1740e083964afa2bdefe8847abe549a12cd3901d605679c0f24 | Triage

Sharing

General

Target

kre4per.mips
Size

78KB
Sample

250216-s9nwtsskdt
MD5

f42d3373e5fd409efd1d1ec30e1f14d2
SHA1

696f396f500bac9d6e8f37ae0c0012ebc41935ad
SHA256

98519df50f45e1740e083964afa2bdefe8847abe549a12cd3901d605679c0f24
SHA512

a19f201e97044749714e0e5b47b752a5d6eb30c5610a7016fe5bd861264a14793970cc23c0d6bd00ed043bd4d1663e27197ff47d214ee515e925cd56d081f2c6
SSDEEP

1536:lo89L2T27mQaXcn6EyvXqaQSjIHOVVU+6Y3zbNZtyQEc8LMksd42+P7w:lo+2TIaXIE6aZjIHIVU+6ybNZtyHc8Lm

Score

10^/10

mirai kurc defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

- Target
  
  kre4per.mips
- Size
  
  78KB
- MD5
  
  f42d3373e5fd409efd1d1ec30e1f14d2
- SHA1
  
  696f396f500bac9d6e8f37ae0c0012ebc41935ad
- SHA256
  
  98519df50f45e1740e083964afa2bdefe8847abe549a12cd3901d605679c0f24
- SHA512
  
  a19f201e97044749714e0e5b47b752a5d6eb30c5610a7016fe5bd861264a14793970cc23c0d6bd00ed043bd4d1663e27197ff47d214ee515e925cd56d081f2c6
- SSDEEP
  
  1536:lo89L2T27mQaXcn6EyvXqaQSjIHOVVU+6Y3zbNZtyQEc8LMksd42+P7w:lo+2TIaXIE6aZjIHIVU+6ybNZtyHc8Lm
Score

9^/10

defense_evasion discovery
- Contacts a large (3939) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery