Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    linux_mipsel
  • resource
    debian9-mipsel-en-20211208
  • resource tags
    arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
  • submitted
    03-06-2023 08:43

General

  • Target

    10dea478986aae1c5ca52e5d9e6345bd.elf

  • Size

    24KB

  • MD5

    10dea478986aae1c5ca52e5d9e6345bd

  • SHA1

    7b2fd5081048a9e8fc7bfea79560ea707b9fc518

  • SHA256

    7db4e436786b96ec67b004f2a758e2365dbc1900cd505d1a9aaa23b7e3ebe001

  • SHA512

    e15eea0c2dcd3b7c60105ac526b03284a0b07702c85210e67f85f0dcc29b50aee12d2efdf88c854bf9556fed6ceb53046a124dd377c47c10ff8207d69db47273

  • SSDEEP

    768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpeEZqSWv3:4QlS07FUXqIYSXQKque8q/

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder (1 TTP, 2 IoCs)

Processes

  • /tmp/10dea478986aae1c5ca52e5d9e6345bd.elf
    Command line: /tmp/10dea478986aae1c5ca52e5d9e6345bd.elf
    PID: 329

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Hijack Execution Flow (1) T1574
  • Privilege Escalation: Hijack Execution Flow (1) T1574
  • Defense Evasion: Impair Defenses (1) T1562; Hijack Execution Flow (1) T1574


Downloads

  • memory/329-1-0x00400000-0x00452a58-memory.dmp