GorillaBot: Technical Analysis and Code Similarities with Mirai
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
GorillaBot is a newly discovered Mirai-based botnet that has launched over 300,000 attacks across more than 100 countries, targeting various industries including telecommunications, finance, and education. It reuses Mirai's core logic while adding custom encryption and evasion techniques. The malware uses raw TCP sockets and a custom XTEA-like cipher for C2 communication, implements anti-debugging and anti-analysis checks, and authenticates to its C2 server using a SHA-256-based token. Attack commands are encoded, hashed, and processed using a Mirai-style attack_parse function. GorillaBot's sophistication highlights the ongoing evolution of legacy malware and the need for advanced analysis tools to combat such threats.
OPENCTI LABELS:
botnet, evasion, encryption, mirai, c2 communication, gorillabot, anti-debugging, xtea, sha-256