mirai | 581808d5bbc01cadd2257915928dbc147ea1c783f71059e3f24763b09e476560 | Triage

Sharing

General

Target

702-1-0x00008000-0x00029794-memory.dmp
Size

89KB
Sample

250414-yjzhjazkv5
MD5

02df72634b0990f585526bd5e57192b7
SHA1

d16d1afed360148f8caa2cbec85a78d3dace60e9
SHA256

581808d5bbc01cadd2257915928dbc147ea1c783f71059e3f24763b09e476560
SHA512

673cd237f3d087f8f8b950570521c540bfabccebd5c5b8204646ab6ced15b1ddeb64dd2ce8a8244640ba07ce6197d910570d78c6fcc9578b02c798eee74283d3
SSDEEP

1536:6AnJr9LuyWmgddGe4XalHzbx8PKhEO9ljmi4NLCz7QHZeYHTvsT:3Vu+Ve4XalHzbx8PogNLCz7QHE8ET

Score

10^/10

mirai mirai defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Targets

- Target
  
  702-1-0x00008000-0x00029794-memory.dmp
- Size
  
  89KB
- MD5
  
  02df72634b0990f585526bd5e57192b7
- SHA1
  
  d16d1afed360148f8caa2cbec85a78d3dace60e9
- SHA256
  
  581808d5bbc01cadd2257915928dbc147ea1c783f71059e3f24763b09e476560
- SHA512
  
  673cd237f3d087f8f8b950570521c540bfabccebd5c5b8204646ab6ced15b1ddeb64dd2ce8a8244640ba07ce6197d910570d78c6fcc9578b02c798eee74283d3
- SSDEEP
  
  1536:6AnJr9LuyWmgddGe4XalHzbx8PKhEO9ljmi4NLCz7QHZeYHTvsT:3Vu+Ve4XalHzbx8PogNLCz7QHE8ET
Score

7^/10

defense_evasion discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery