mirai | cbf92e8a0ac875219802f4e5ffb7177afb36d915c8041337883f4fd1e9497d8a | Triage

Sharing

General

Target

cbf92e8a0ac875219802f4e5ffb7177afb36d915c8041337883f4fd1e9497d8a.sh
Size

1KB
Sample

250223-ddz7nawkgr
MD5

5e6b993735e7a9bcafc44479de9ad361
SHA1

646f766fcc739d4e370626ad0cd732955b85bff1
SHA256

cbf92e8a0ac875219802f4e5ffb7177afb36d915c8041337883f4fd1e9497d8a
SHA512

7e344749f5df14e6f8aa8ddb8f2b38438e886b019afcfa3020a505eb9f660e84741fffad3dc31e031b6245ce205737b1f08efc79bf466e51c6d46fcf3dbcaa35

Score

10^/10

mirai sora antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  cbf92e8a0ac875219802f4e5ffb7177afb36d915c8041337883f4fd1e9497d8a.sh
- Size
  
  1KB
- MD5
  
  5e6b993735e7a9bcafc44479de9ad361
- SHA1
  
  646f766fcc739d4e370626ad0cd732955b85bff1
- SHA256
  
  cbf92e8a0ac875219802f4e5ffb7177afb36d915c8041337883f4fd1e9497d8a
- SHA512
  
  7e344749f5df14e6f8aa8ddb8f2b38438e886b019afcfa3020a505eb9f660e84741fffad3dc31e031b6245ce205737b1f08efc79bf466e51c6d46fcf3dbcaa35
Score

10^/10

mirai sora botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (532869) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdefense_evasiondiscovery

behavioral2

miraisoraantivmbotnetdefense_evasiondiscovery

behavioral3

miraisorabotnetdefense_evasiondiscovery

behavioral4

miraisorabotnetdefense_evasiondiscovery