mirai | 37bd3d9af41b12e3ebc1e100cebb351f958b5f70b76484abd2a6b556252762fc | Triage

Sharing

General

Target

x86
Size

61KB
Sample

250308-m4kz4awsbt
MD5

26d39d6b4b255fd000378d4dcdca2b8d
SHA1

404e9f0d7e6fef2822889a3fee663938403197f2
SHA256

37bd3d9af41b12e3ebc1e100cebb351f958b5f70b76484abd2a6b556252762fc
SHA512

466cd5515df5d5626f514860d8505f40adcac9ddf31c034af9ef0e1b022d8003c323cdaafcfd3732f50b2e11b78ad580aed15d363a877d3f7b7c0ef711417821
SSDEEP

1536:Z7qARubgzY/bEJykRcpH80LDHhklv4JQC9DSW:NP+eY/bEJGdXBk9AP9l

Score

10^/10

mirai wicked discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

WICKED

Targets

- Target
  
  x86
- Size
  
  61KB
- MD5
  
  26d39d6b4b255fd000378d4dcdca2b8d
- SHA1
  
  404e9f0d7e6fef2822889a3fee663938403197f2
- SHA256
  
  37bd3d9af41b12e3ebc1e100cebb351f958b5f70b76484abd2a6b556252762fc
- SHA512
  
  466cd5515df5d5626f514860d8505f40adcac9ddf31c034af9ef0e1b022d8003c323cdaafcfd3732f50b2e11b78ad580aed15d363a877d3f7b7c0ef711417821
- SSDEEP
  
  1536:Z7qARubgzY/bEJykRcpH80LDHhklv4JQC9DSW:NP+eY/bEJGdXBk9AP9l
Score

8^/10

discovery rootkit
- Contacts a large (1177) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit