Sunday 30 March 2025 03:43 GMT

ANY.RUN Publishes In-Depth Technical Analysis Of Gorillabot, A Mirai-Based Botnet Targeting Over 100 Countries


(MENAFN- EIN Presswire)

DUBAI, DUBAI, UNITED ARAB EMIRATES, March 25, 2025 /EINPresswire/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has published a comprehensive technical breakdown of GorillaBot, a newly discovered botnet based on the infamous Mirai source code. The botnet has already launched over 300,000 attacks globally and is actively targeting sectors including telecommunications, finance, and education.

A New Face of an Old Threat

GorillaBot reuses significant portions of Mirai's original code but introduces its own enhancements, including custom encryption schemes, raw TCP communication, and advanced anti-analysis techniques.

It stands out for its ability to evade detection in containerized environments and honeypots, making it a more elusive threat than its predecessors.

Key Takeaways from the Analysis

· Built on Mirai code: GorillaBot heavily reuses core logic from Mirai while introducing its own improvements.

· Advanced C2 communication: Utilizes raw TCP sockets and a custom XTEA-like cipher for encrypting server addresses and communication.

· Authentication mechanism: Combines a decrypted hardcoded array with a server-provided magic value, then hashes the combined data with SHA-256 to authenticate to the C2 server.

· Evasion techniques: Performs environment checks to avoid honeypots and Kubernetes containers, exiting immediately if detected.

· Anti-debugging behavior: Uses TracerPid checks and SIGTRAP handling to avoid analysis tools.

· Obfuscation tactics: Encrypts internal configuration using a Caesar cipher and a custom block cipher.

To explore the full technical breakdown of GorillaBot, including behavior analysis, code insights, and relevant IOCs, visit the ANY.RUN blog.

About ANY.RUN

ANY.RUN is a cloud-based cybersecurity platform used by over 500,000 professionals worldwide. It offers an interactive malware sandbox along with powerful threat intelligence capabilities, enabling real-time behavioral analysis across Windows, Linux, and Android environments. From dynamic analysis to uncovering IOCs and tracking threat actors, ANY.RUN helps security teams investigate threats faster, collaborate more effectively, and stay ahead of emerging malware.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
