mirai | b88af3d8497698f899f6fe58f5a1d0e19143dffeb70656c018bb66e3ebb58581 | Triage

Sharing

General

Target

Hilix.sh
Size

1KB
Sample

250217-rfkrmszkcm
MD5

3090c143255a23405cfb7352fc616487
SHA1

823690d5f6f37ed7445e315462fb580ade61f736
SHA256

b88af3d8497698f899f6fe58f5a1d0e19143dffeb70656c018bb66e3ebb58581
SHA512

519e65e8c66381931606ea8a0033a828673a3b5483b72bd94037f309990482d834a8a75a2fbb06f72ff94c4135568b59ac709f64a66d10ae0aadbb8e3627ecc6

Score

10^/10

mirai sora antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  Hilix.sh
- Size
  
  1KB
- MD5
  
  3090c143255a23405cfb7352fc616487
- SHA1
  
  823690d5f6f37ed7445e315462fb580ade61f736
- SHA256
  
  b88af3d8497698f899f6fe58f5a1d0e19143dffeb70656c018bb66e3ebb58581
- SHA512
  
  519e65e8c66381931606ea8a0033a828673a3b5483b72bd94037f309990482d834a8a75a2fbb06f72ff94c4135568b59ac709f64a66d10ae0aadbb8e3627ecc6
Score

10^/10

mirai sora botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (1314509) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdefense_evasiondiscovery

behavioral2

miraisoraantivmbotnetdefense_evasiondiscovery

behavioral3

miraisorabotnetdefense_evasiondiscovery

behavioral4

miraisorabotnetdefense_evasiondiscovery