
ANY.RUN Publishes In-Depth Technical Analysis of GorillaBot, a Mirai-Based Botnet Targeting Over 100 Countries

DUBAI, DUBAI, UNITED ARAB EMIRATES, March 25, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has published a comprehensive technical breakdown of GorillaBot, a newly discovered botnet based on the infamous Mirai source code. The botnet has already launched over 300,000 attacks globally and is actively targeting sectors including telecommunications, finance, and education.

A New Face of an Old Threat

GorillaBot reuses significant portions of Mirai's original code but introduces its own enhancements, including custom encryption schemes, raw TCP communication, and advanced anti-analysis techniques.

It stands out for its ability to evade detection in containerized environments and honeypots, making it a more elusive threat than its predecessors.

Key Takeaways from the Analysis

· Built on Mirai code: GorillaBot heavily reuses core logic from Mirai while introducing its own improvements.

· Advanced C2 communication: Utilizes raw TCP sockets and a custom XTEA-like cipher for encrypting server addresses and communication.

· Authentication mechanism: Combines a decrypted hardcoded array and a server-provided magic value, then hashes it with SHA-256 for authentication.

· Evasion techniques: Performs environment checks to avoid honeypots and Kubernetes containers, exiting immediately if detected.

· Anti-debugging behavior: Uses TracerPid checks and SIGTRAP handling to avoid analysis tools.

· Obfuscation tactics: Encrypts internal configuration using a Caesar cipher and a custom block cipher.

To explore the full technical breakdown of GorillaBot, including behavior analysis, code insights, and relevant IOCs, visit the ANY.RUN blog.

About ANY.RUN

ANY.RUN is a cloud-based cybersecurity platform used by over 500,000 professionals worldwide. It offers an interactive malware sandbox along with powerful threat intelligence capabilities, enabling real-time behavioral analysis across Windows, Linux, and Android environments. From dynamic analysis to uncovering IOCs and tracking threat actors, ANY.RUN helps security teams investigate threats faster, collaborate more effectively, and stay ahead of emerging malware.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050