mirai | 95a5fbf16e419355e9008a81d1abea50ba74f54ccabb79970e405f41297ea8ce | Triage

Sharing

General

Target

telnet.sh
Size

3KB
Sample

250408-j9xdja1r15
MD5

7edf781863be626c878260b999740bef
SHA1

222d20e21b4cf647a005015ffacda52d9b8397c6
SHA256

95a5fbf16e419355e9008a81d1abea50ba74f54ccabb79970e405f41297ea8ce
SHA512

ba1b5a0470d10d5b132e37dde4061b35d83e59d1a2d158968f0947bb707e5d000faf5d7521f99d6ad52af3ea167112bcc51485cca7c41857172530dfd2c020cc

Score

10^/10

mirai owari antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

Extracted

Family

mirai

Botnet

OWARI

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Targets

- Target
  
  telnet.sh
- Size
  
  3KB
- MD5
  
  7edf781863be626c878260b999740bef
- SHA1
  
  222d20e21b4cf647a005015ffacda52d9b8397c6
- SHA256
  
  95a5fbf16e419355e9008a81d1abea50ba74f54ccabb79970e405f41297ea8ce
- SHA512
  
  ba1b5a0470d10d5b132e37dde4061b35d83e59d1a2d158968f0947bb707e5d000faf5d7521f99d6ad52af3ea167112bcc51485cca7c41857172530dfd2c020cc
Score

10^/10

mirai owari botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiowaribotnetdefense_evasiondiscovery

behavioral2

miraiowariantivmbotnetdefense_evasiondiscovery

behavioral3

miraiowaribotnetdefense_evasiondiscovery

behavioral4

miraiowaribotnetdefense_evasiondiscovery