DUBAI, DUBAI, UNITED ARAB EMIRATES, March 25, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has published a comprehensive technical breakdown of GorillaBot, a newly discovered botnet based on the infamous Mirai source code. The botnet has already launched over 300,000 attacks globally and is actively targeting sectors including telecommunications, finance, and education.

GorillaBot reuses significant portions of Mirai's original code but introduces its own enhancements, including custom encryption schemes, raw TCP communication, and advanced anti-analysis techniques.

It stands out for its ability to evade detection in containerized environments and honeypots, making it a more elusive threat than its predecessors.

· Built on Mirai code: GorillaBot heavily reuses core logic from Mirai while introducing its own improvements.

· Advanced C2 communication: Utilizes raw TCP sockets and a custom XTEA-like cipher for encrypting server addresses and communication.

· Authentication mechanism: Combines a decrypted hardcoded array and a server-provided magic value, then hashes it with SHA-256 for authentication.

· Evasion techniques: Performs environment checks to avoid honeypots and Kubernetes containers, exiting immediately if detected.

· Anti-debugging behavior: Uses TracerPid checks and SIGTRAP handling to avoid analysis tools.

· Obfuscation tactics: Encrypts internal configuration using a Caesar cipher and a custom block cipher.
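The evasion and anti-debugging bullets above matter most to whoever runs the sandbox: if the analysis environment exposes a non-zero TracerPid or looks like a Kubernetes container, the sample exits before showing any behavior. The following self-check script is an added example (not ANY.RUN's code and not derived from the GorillaBot sample) that an analyst can run inside a Linux analysis VM to see whether those artifacts are visible. The TracerPid field is a real Linux /proc interface; the specific Kubernetes indicators (KUBERNETES_SERVICE_HOST, KUBERNETES_PORT, the service-account directory) are assumptions about what a containerized process can cheaply observe, not details taken from the report.

```python
"""Analysis-environment self-check against the evasion checks named in the
GorillaBot write-up. Added example, not ANY.RUN's or the malware's code."""
import os

# Kubernetes indicators a process inside a pod can see (assumed list; the
# report does not state which indicators GorillaBot actually inspects).
K8S_ENV_VARS = ("KUBERNETES_SERVICE_HOST", "KUBERNETES_PORT")
K8S_SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"


def parse_tracer_pid(status_text: str) -> int:
    """Return the TracerPid value from /proc/<pid>/status text.

    0 means no process is ptrace-attached; any other value is the PID of
    the tracer (gdb, strace, a sandbox agent using ptrace, ...).
    """
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split(":", 1)[1].strip())
    raise ValueError("TracerPid field missing from status text")


def kubernetes_indicators(env: dict, path_exists) -> list:
    """List which of the assumed Kubernetes artifacts are present."""
    found = [name for name in K8S_ENV_VARS if name in env]
    if path_exists(K8S_SA_DIR):
        found.append(K8S_SA_DIR)
    return found


def assess(status_text: str, env: dict, path_exists) -> dict:
    """Summarize what a TracerPid / Kubernetes check would conclude here."""
    tracer = parse_tracer_pid(status_text)
    k8s = kubernetes_indicators(env, path_exists)
    return {
        "tracer_pid": tracer,
        "debugger_visible": tracer != 0,
        "kubernetes_indicators": k8s,
        # Mirrors the report: either condition makes the sample exit at once.
        "would_trigger_exit": tracer != 0 or bool(k8s),
    }


# Constructed sample of /proc/self/status content, as seen when a ptrace-based
# tool is attached (TracerPid 4242 is a made-up value for illustration).
CONSTRUCTED_STATUS = "Name:\tsample\nState:\tS (sleeping)\nTracerPid:\t4242\n"


def live_assessment() -> dict:
    """Run the check against the real environment (Linux only)."""
    with open("/proc/self/status", encoding="utf-8") as fh:
        return assess(fh.read(), dict(os.environ), os.path.exists)


if __name__ == "__main__":
    result = live_assessment()
    for key, value in result.items():
        print(f"{key}: {value}")
    if result["would_trigger_exit"]:
        print("This environment would be rejected by the described checks.")
```

Run it from inside the sandbox under the same conditions the sample would get (same user, same attached tooling). A "would_trigger_exit: True" result explains an otherwise silent run and tells you which artifact to remove or mask before re-detonating.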

To explore the full technical breakdown of GorillaBot, including behavior analysis, code insights, and relevant IOCs, visit the ANY.RUN blog.

ANY.RUN is a cloud-based cybersecurity platform used by over 500,000 professionals worldwide. It offers an interactive malware sandbox along with powerful threat intelligence capabilities, enabling real-time behavioral analysis across Windows, Linux, and Android environments. From dynamic analysis to uncovering IOCs and tracking threat actors, ANY.RUN helps security teams investigate threats faster, collaborate more effectively, and stay ahead of emerging malware.

