mirai | 1213cfaac8894eb28d63fc974cd61396c6bf017a1aa642b5e275c2ef4dd098c3 | Triage

Submit
Reports

Overview

overview

Static

static

7

xd.x86.elf

ubuntu-18.04-amd64

Sharing

General

Target

xd.x86.elf
Size

29KB
Sample

230504-jwjkhsag86
MD5

3ac9feb7bc5dd1acdd2f444a9f6874b6
SHA1

554c03942552e6de81fd0e5b264e7e30b7076317
SHA256

1213cfaac8894eb28d63fc974cd61396c6bf017a1aa642b5e275c2ef4dd098c3
SHA512

6f7010a0ab12f371c25e39c772d9c78136d6a112190bf893906005f8db59b4dc07a0cd1f67eb8d955b1f09c5821305af8d6177fa37450fb2c067468dbced9546
SSDEEP

384:MpGclfUDwDsOAFImUQSAAHCj9TKcSLJY7eoayfsqxRFpDU7/2LDVokNyqN:PcmROmIIAiNKpLJY7Pa6tpI7/SoB4

Score

10^/10

mirai lzrd botnet discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

xd.x86.elf

Resource

ubuntu1804-amd64-en-20211208

mirai lzrd botnet discovery

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  xd.x86.elf
- Size
  
  29KB
- MD5
  
  3ac9feb7bc5dd1acdd2f444a9f6874b6
- SHA1
  
  554c03942552e6de81fd0e5b264e7e30b7076317
- SHA256
  
  1213cfaac8894eb28d63fc974cd61396c6bf017a1aa642b5e275c2ef4dd098c3
- SHA512
  
  6f7010a0ab12f371c25e39c772d9c78136d6a112190bf893906005f8db59b4dc07a0cd1f67eb8d955b1f09c5821305af8d6177fa37450fb2c067468dbced9546
- SSDEEP
  
  384:MpGclfUDwDsOAFImUQSAAHCj9TKcSLJY7eoayfsqxRFpDU7/2LDVokNyqN:PcmROmIIAiNKpLJY7Pa6tpI7/SoB4
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20206) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy