mirai | 0df96a5cffeb864266683522bf51a4aa69aca457fba9cf74b16494ad98cea78c | Triage

Submit
Reports

Overview

overview

Static

static

7

a34142668f...d9.elf

debian-9-armhf

Sharing

General

Target

0f5694c5862b194b70c02bfbe0476318.bin
Size

50KB
Sample

230521-bc3v2sfe23
MD5

811769e79fcff77c3ec3eddcf3bf3c9b
SHA1

36f498102f9983b22e54dc92e548c3d01c63ed01
SHA256

0df96a5cffeb864266683522bf51a4aa69aca457fba9cf74b16494ad98cea78c
SHA512

75d3f4d2f1192bb90bb52691a677d45c07b022d3c37083aeb9e2bec2732ef01e2613ede493287de04fe28361aeed6ab61dd51507b88b7c85b3f5705d1de41185
SSDEEP

768:4BzZEyns/WAG8Oi2ULnMkSI61b8i7i5iYoJKM6I38XRaxXECL/NSE9irfFR03fIq:4BiyCQ9I6ZiUKNcku/NStfFQvBIw05k

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a34142668f5367637cec898cfb284dddcad10402cf83a8d2b2f254b0bb4f00d9.elf

Resource

debian9-armhf-20221111-en

mirai lzrd botnet discovery

debian-9-armhf

6 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  a34142668f5367637cec898cfb284dddcad10402cf83a8d2b2f254b0bb4f00d9.elf
- Size
  
  50KB
- MD5
  
  0f5694c5862b194b70c02bfbe0476318
- SHA1
  
  ae99523382b6324f612b2b2b2b5579433791640e
- SHA256
  
  a34142668f5367637cec898cfb284dddcad10402cf83a8d2b2f254b0bb4f00d9
- SHA512
  
  3e246ff52fa1743096bcc5e4415e547c76d9e2fcf73d2d33fa2270a3c968a851308375c8554dc8a73d3f11964bd232a8912dad80cbfb132a5d56bc293d75df45
- SSDEEP
  
  1536:oF18iPwsQfUal6BJZsSoSKLuQy4L24JyYmU6:uMsQfUYILoSKLB64sfU6
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (19611) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy