mirai | e60ffba5989232a11be2a879fef11d0ad899d96a00d0173828c80c4f12e9688f | Triage

Sharing

General

Target

e60ffba5989232a11be2a879fef11d0ad899d96a00d0173828c80c4f12e9688f.sh
Size

2KB
Sample

250308-r4mwxaynw8
MD5

6aea9de4b1853e6a5cea8ad020f48398
SHA1

20e44372765f05e6899aa9bd7e4d9ff64f59c2f7
SHA256

e60ffba5989232a11be2a879fef11d0ad899d96a00d0173828c80c4f12e9688f
SHA512

4cb78d553f9ae66e591534a047163ba9db0e54261266c700be091b4ddfe773de2e194f3b80916d40830d1d26f6a76912191fd01858922599fa2b88ca0c70d5a2

Score

10^/10

mirai demons antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

DEMONS

Extracted

Family

mirai

Botnet

DEMONS

Targets

- Target
  
  e60ffba5989232a11be2a879fef11d0ad899d96a00d0173828c80c4f12e9688f.sh
- Size
  
  2KB
- MD5
  
  6aea9de4b1853e6a5cea8ad020f48398
- SHA1
  
  20e44372765f05e6899aa9bd7e4d9ff64f59c2f7
- SHA256
  
  e60ffba5989232a11be2a879fef11d0ad899d96a00d0173828c80c4f12e9688f
- SHA512
  
  4cb78d553f9ae66e591534a047163ba9db0e54261266c700be091b4ddfe773de2e194f3b80916d40830d1d26f6a76912191fd01858922599fa2b88ca0c70d5a2
Score

10^/10

mirai demons botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraidemonsbotnetdefense_evasiondiscovery

behavioral2

miraidemonsantivmbotnetdefense_evasiondiscovery

behavioral3

miraidemonsbotnetdefense_evasiondiscovery

behavioral4

miraidemonsbotnetdefense_evasiondiscovery