Overview

overview

10

Static

static

7

d00e880bfd...66.elf

debian-9-mipsel

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20221125-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20221125-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    25-05-2023 21:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d00e880bfd7598454a0a8e60cbae6f66.elf

  • Size

    24KB

  • MD5

    d00e880bfd7598454a0a8e60cbae6f66

  • SHA1

    025e99dec0ea271023007644377a8a3d69c1879a

  • SHA256

    c90e2b54921ab6553e2567c34b4f7b1ced31c18b0b826bc0e8971f6cda3af898

  • SHA512

    b8ded24e673fc15a68d782bf962075623d5aa35943c65594c5191add309d2f9207c2337b53393c71105632406ef8d92254492770205d8cc4a782db397522b41b

  • SSDEEP

    768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpSIZqSWvU:4QlS07FUXqIYSXQKquNqs

Score
10/10
mirailzrdbotnetdiscovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Writes file to system bin folder 1 TTPs 2 IoCs

Processes

  • /tmp/d00e880bfd7598454a0a8e60cbae6f66.elf
    /tmp/d00e880bfd7598454a0a8e60cbae6f66.elf
    1⤵
      PID:328

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Hijack Execution Flow

    1
    T1574

    Privilege Escalation

    Hijack Execution Flow

    1
    T1574

    Defense Evasion

    Impair Defenses

    1
    T1562

    Hijack Execution Flow

    1
    T1574

    Credential Access

    Discovery

    Network Service Scanning

    1
    T1046

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/328-1-0x00400000-0x00452a58-memory.dmp
      Download