mirai | e16584774638c230ee54f829105a01eee783f8d544dffc68791bae456c3bc377

Analysis

max time kernel
150s
max time network
149s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
11-05-2023 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c100569e03ab29a96ba42f5567716cbf.elf
Size

24KB
MD5

c100569e03ab29a96ba42f5567716cbf
SHA1

dbd2a4bb026eed7831acc537596ebaa242c993e6
SHA256

e16584774638c230ee54f829105a01eee783f8d544dffc68791bae456c3bc377
SHA512

8af49eabc4326d681ad843736c1d7a001aa232a91b9c152c0a9f7c32a1254c5c4c564950de075408efb90db9af594c2cd26cb387c5ca4c33cf239224cd815b32
SSDEEP

768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpVwZqSWv1:4QlS07FUXqIYSXQKquWqN

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow
T1574

Processes:

description ioc

File opened for modification /sbin/watchdog
File opened for modification /bin/watchdog

description	ioc
File opened for modification	/sbin/watchdog
File opened for modification	/bin/watchdog

Reads runtime system information 10 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/423/cmdline
File opened for reading	/proc/424/cmdline
File opened for reading	/proc/431/cmdline
File opened for reading	/proc/439/cmdline
File opened for reading	/proc/401/cmdline
File opened for reading	/proc/407/cmdline
File opened for reading	/proc/410/cmdline
File opened for reading	/proc/415/cmdline
File opened for reading	/proc/403/cmdline
File opened for reading	/proc/447/cmdline

/tmp/c100569e03ab29a96ba42f5567716cbf.elf
/tmp/c100569e03ab29a96ba42f5567716cbf.elf
1⤵
PID:336

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Impair Defenses

T1562

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/336-1-0x00400000-0x00452a58-memory.dmp

Download