mirai | e93b2242cf29b1ae19ef68c6037d31b4ff835edfa0ba7e690004cfe4ccdf2f1b | Triage

Sharing

General

Target

bash.sh
Size

2KB
Sample

250410-tccmzawway
MD5

41ec0e362e0f5e909f2327e42c4e85c0
SHA1

bd3cdfe5722835544e267c22649a4cc3eaf7f5e0
SHA256

e93b2242cf29b1ae19ef68c6037d31b4ff835edfa0ba7e690004cfe4ccdf2f1b
SHA512

4c9c4e924bd2a8c18053584fbe42b327dd56c8cfacb2556d7d62912c5fd9a1bc35291789cc8140f1d1f8900ba98a64b1954e39ea077e3bbefd36bcf850798176

Score

10^/10

mirai owari antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

Extracted

Family

mirai

Botnet

OWARI

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Extracted

Family

mirai

Botnet

OWARI

C2

newageofkifirempire.camdvr.org

Targets

- Target
  
  bash.sh
- Size
  
  2KB
- MD5
  
  41ec0e362e0f5e909f2327e42c4e85c0
- SHA1
  
  bd3cdfe5722835544e267c22649a4cc3eaf7f5e0
- SHA256
  
  e93b2242cf29b1ae19ef68c6037d31b4ff835edfa0ba7e690004cfe4ccdf2f1b
- SHA512
  
  4c9c4e924bd2a8c18053584fbe42b327dd56c8cfacb2556d7d62912c5fd9a1bc35291789cc8140f1d1f8900ba98a64b1954e39ea077e3bbefd36bcf850798176
Score

10^/10

mirai owari botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraiowaribotnetdefense_evasiondiscovery

behavioral2

miraiowariantivmbotnetdefense_evasiondiscovery

behavioral3

miraiowaribotnetdefense_evasiondiscovery

behavioral4

miraiowaribotnetdefense_evasiondiscovery