mirai | 1ea3b0dde89c846978186e3c365465692a0d162fc96fc547aaf69184fbb4be8c | Triage

Sharing

General

Target

telnet.sh
Size

3KB
Sample

250410-qt5tassxgz
MD5

22b495d3b56680d39f986144bf151626
SHA1

0e03a32492087167fcb38124d9c3a390c0998668
SHA256

1ea3b0dde89c846978186e3c365465692a0d162fc96fc547aaf69184fbb4be8c
SHA512

81974e49a3a8f02881afb53a53a6e37e1e2f9901b5ae55ba41b8647f5c71112a2407dbfa0c7a736d612368ca2d02e32ed16b494eda341112c4487177fa0af2be

Score

10^/10

mirai owari antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

Extracted

Family

mirai

Botnet

OWARI

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Targets

- Target
  
  telnet.sh
- Size
  
  3KB
- MD5
  
  22b495d3b56680d39f986144bf151626
- SHA1
  
  0e03a32492087167fcb38124d9c3a390c0998668
- SHA256
  
  1ea3b0dde89c846978186e3c365465692a0d162fc96fc547aaf69184fbb4be8c
- SHA512
  
  81974e49a3a8f02881afb53a53a6e37e1e2f9901b5ae55ba41b8647f5c71112a2407dbfa0c7a736d612368ca2d02e32ed16b494eda341112c4487177fa0af2be
Score

10^/10

mirai owari botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiowaribotnetdefense_evasiondiscovery

behavioral2

miraiowariantivmbotnetdefense_evasiondiscovery

behavioral3

miraiowaribotnetdefense_evasiondiscovery

behavioral4

miraiowaribotnetdefense_evasiondiscovery