mirai | b03e4b5fc01f39df8694d21b3df5a5cb8f4ab80190d3575d0739f5c4cce098b7

Analysis

max time kernel
153s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
14-05-2023 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6ca07a951ecfc870b92c466c86431b7.elf
Size

20KB
MD5

c6ca07a951ecfc870b92c466c86431b7
SHA1

b8d8201e5a1934cee0daea7de8c067e4a67c7c32
SHA256

b03e4b5fc01f39df8694d21b3df5a5cb8f4ab80190d3575d0739f5c4cce098b7
SHA512

89e360adb327b97e13ddb56721626488423cf5a97ad6301da724a63ed49e08186d3f2bc52498e01fb72afeb73defdb213ab67fbe667164d59b0ef59f31913a54
SSDEEP

384:M0hLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaQNAr8vcoBAvP+qNV+KLebRtnISyW:T98o08kxofBE+ZkXaT47C2EpitkW

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow
T1574

Processes:

description ioc

File opened for modification /sbin/watchdog
File opened for modification /bin/watchdog

description	ioc
File opened for modification	/sbin/watchdog
File opened for modification	/bin/watchdog

Reads runtime system information 8 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/569/cmdline
File opened for reading	/proc/570/cmdline
File opened for reading	/proc/571/cmdline
File opened for reading	/proc/572/cmdline
File opened for reading	/proc/577/cmdline
File opened for reading	/proc/578/cmdline
File opened for reading	/proc/422/cmdline
File opened for reading	/proc/541/cmdline

/tmp/c6ca07a951ecfc870b92c466c86431b7.elf
/tmp/c6ca07a951ecfc870b92c466c86431b7.elf
1⤵
PID:574

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Impair Defenses

T1562

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/574-1-0x0000000008048000-0x00000000080547a0-memory.dmp

Download