mirai | 2e22b8d097eed40f8fd2c985b0a6fb31ed2f6ed8a022cc707ebbf9fc7be549cf | Triage

Sharing

General

Target

phantom.sh
Size

1KB
Sample

250323-dcrtwsxvct
MD5

b25643d9ed071bba8af0ef060b5180bf
SHA1

12c13e5c16cabcd24f9c38b750acd5be92df73ec
SHA256

2e22b8d097eed40f8fd2c985b0a6fb31ed2f6ed8a022cc707ebbf9fc7be549cf
SHA512

5eac9707aa2c220394b2d2be4737451e8b1cba8fe86611656c3ac599ffc6c1b24f4a30e4a40122f57bda4a0ad7d5dc5862cdf779e7f481c7f396bd757fe016c9

Score

10^/10

mirai wicked antivm botnet credential_access defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Targets

- Target
  
  phantom.sh
- Size
  
  1KB
- MD5
  
  b25643d9ed071bba8af0ef060b5180bf
- SHA1
  
  12c13e5c16cabcd24f9c38b750acd5be92df73ec
- SHA256
  
  2e22b8d097eed40f8fd2c985b0a6fb31ed2f6ed8a022cc707ebbf9fc7be549cf
- SHA512
  
  5eac9707aa2c220394b2d2be4737451e8b1cba8fe86611656c3ac599ffc6c1b24f4a30e4a40122f57bda4a0ad7d5dc5862cdf779e7f481c7f396bd757fe016c9
Score

10^/10

mirai wicked botnet credential_access defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiwickedbotnetcredential_accessdefense_evasiondiscovery

behavioral2

miraiwickedantivmbotnetcredential_accessdefense_evasiondiscovery

behavioral3

miraiwickedbotnetcredential_accessdefense_evasiondiscovery

behavioral4

miraiwickedbotnetcredential_accessdefense_evasiondiscovery