mirai | c2f41ff599406f77d06093c7d23673e5e7bad7ece180e77f2ac9859df9bc8ce3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

hoho.x86

ubuntu-22.04-amd64

9

Resubmissions

22/03/2025, 05:27

250322-f5jp4aytbz 10

22/03/2025, 05:19

250322-fz3k1sysfv 10

Sharing

General

Target

hoho.x86
Size

49KB
Sample

250322-fz3k1sysfv
MD5

bf4aa62f73962f5f549d590bb1af23c6
SHA1

1d1d0e042c5d2f1545389c3890f35a809dabca59
SHA256

c2f41ff599406f77d06093c7d23673e5e7bad7ece180e77f2ac9859df9bc8ce3
SHA512

fc47f2cdf90985dedac50888f695760925fd539d29fcc698fb685c5b73cb152e98da12a3df4dda4bfbab2ff415aa486f19a4e928047cf97fa18df75a4f3143c7
SSDEEP

1536:ihLWDE5czODWnT/dZ7DO5FfAuxFIYhcN2R+/ek1Fpw6:ILx5czO6T1Z74Fhh+/eypw6

Score

10^/10

mirai sora defense_evasion discovery linux

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

hoho.x86

Resource

ubuntu2204-amd64-20250307-en

defense_evasion discovery

ubuntu-22.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  hoho.x86
- Size
  
  49KB
- MD5
  
  bf4aa62f73962f5f549d590bb1af23c6
- SHA1
  
  1d1d0e042c5d2f1545389c3890f35a809dabca59
- SHA256
  
  c2f41ff599406f77d06093c7d23673e5e7bad7ece180e77f2ac9859df9bc8ce3
- SHA512
  
  fc47f2cdf90985dedac50888f695760925fd539d29fcc698fb685c5b73cb152e98da12a3df4dda4bfbab2ff415aa486f19a4e928047cf97fa18df75a4f3143c7
- SSDEEP
  
  1536:ihLWDE5czODWnT/dZ7DO5FfAuxFIYhcN2R+/ek1Fpw6:ILx5czO6T1Z74Fhh+/eypw6
Score

9^/10

defense_evasion discovery
- Contacts a large (58294) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy