mirai | 7f295bcbb274edcdf9b6f927ca1bdb48ae7052d72d14563794c13073a811bfad | Triage

Submit
Reports

Overview

overview

Static

static

7

da1dd85a4c...ec.elf

debian-9-armhf

Sharing

General

Target

da1dd85a4c0caad250e12ceb09a7ebec.elf
Size

52KB
Sample

230504-krldzsbb46
MD5

da1dd85a4c0caad250e12ceb09a7ebec
SHA1

a42dd1975668a14540656802322b0b84a631865d
SHA256

7f295bcbb274edcdf9b6f927ca1bdb48ae7052d72d14563794c13073a811bfad
SHA512

3a354871f4e5cf83add2ba83357b7132afa8fa4e3e5ed0520acde1434a6547c3e512b4097f929a5b82812c36ff592eaa0970930450e99b64f6bf0b6e03220bab
SSDEEP

768:fPyuZr6HxkmEt3VY92uqUZlKOzzOTMoUH27J+nus9q3UELVVhRLRP5/JqpecU:Jq43VTU6OGg6+nu1LVVhRNRgpecU

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

da1dd85a4c0caad250e12ceb09a7ebec.elf

Resource

debian9-armhf-en-20211208

mirai lzrd botnet discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  da1dd85a4c0caad250e12ceb09a7ebec.elf
- Size
  
  52KB
- MD5
  
  da1dd85a4c0caad250e12ceb09a7ebec
- SHA1
  
  a42dd1975668a14540656802322b0b84a631865d
- SHA256
  
  7f295bcbb274edcdf9b6f927ca1bdb48ae7052d72d14563794c13073a811bfad
- SHA512
  
  3a354871f4e5cf83add2ba83357b7132afa8fa4e3e5ed0520acde1434a6547c3e512b4097f929a5b82812c36ff592eaa0970930450e99b64f6bf0b6e03220bab
- SSDEEP
  
  768:fPyuZr6HxkmEt3VY92uqUZlKOzzOTMoUH27J+nus9q3UELVVhRLRP5/JqpecU:Jq43VTU6OGg6+nu1LVVhRNRgpecU
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (19085) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy