mirai | 76a0f1dfac6e3430187108ad85a1253d8aff02524ca27e14998f9a094691c08b | Triage

Sharing

General

Target

debug.dbg
Size

69KB
Sample

250319-2rwndswvew
MD5

19cd1787a89d92e82e0c3b0618245d5d
SHA1

364be509eeab78ba08e5805447bfa5476930c5fb
SHA256

76a0f1dfac6e3430187108ad85a1253d8aff02524ca27e14998f9a094691c08b
SHA512

c8ebb6d3a87e547b69eb734218b31d1e3f667adafd3d0afd9ebb1593118d46892678009720f691c619da8fdb064f84027006109056231725b2cf837bdb7343c9
SSDEEP

1536:V5IWM3pufm+dOnBi+Z9XI3tPJfhI93ArE+OjEHedVOJw19E:V5Ix3pufvdOHwPJpA3ArExjE+eJA

Score

10^/10

mirai unstable defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

data.hello4443.xyz

Targets

- Target
  
  debug.dbg
- Size
  
  69KB
- MD5
  
  19cd1787a89d92e82e0c3b0618245d5d
- SHA1
  
  364be509eeab78ba08e5805447bfa5476930c5fb
- SHA256
  
  76a0f1dfac6e3430187108ad85a1253d8aff02524ca27e14998f9a094691c08b
- SHA512
  
  c8ebb6d3a87e547b69eb734218b31d1e3f667adafd3d0afd9ebb1593118d46892678009720f691c619da8fdb064f84027006109056231725b2cf837bdb7343c9
- SSDEEP
  
  1536:V5IWM3pufm+dOnBi+Z9XI3tPJfhI93ArE+OjEHedVOJw19E:V5Ix3pufvdOHwPJpA3ArExjE+eJA
Score

7^/10

defense_evasion discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery