General

  • Target

    aed49bccdeca28913942f2362217d11c.elf

  • Size

    45KB

  • Sample

    230603-z8fmdsaf3x

  • MD5

    aed49bccdeca28913942f2362217d11c

  • SHA1

    7b01805655ee5ec0379b2d3251b325675d72561d

  • SHA256

    15749284972ee3fc0e8534905f666b27722020b49090ea08a04ea2eb46628ebb

  • SHA512

    db86c7ace384d2f413e8d9e4ae28713e42d9e61de9430981926814a905dcdac0c3353bc41bc3f3d42dfb4b0e259f890902917c34963e4ad7bcbec178b38a6bd4

  • SSDEEP

    768:JW2myW5zrY3m+KDOtELVpuyUEQNIM4ZktwkVlXFbkdzxll9q3UELMIk9r/e/lQMv:A7d5zrY3mVqtSEyUE0IM4Fk7Fbkdzv4x

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Mirai

      Mirai is a prevalent Linux botnet family that infects exposed network devices (routers, DVRs, IP cameras and similar embedded hosts), typically by brute-forcing weak Telnet credentials, and uses them for DDoS attacks and further scanning.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely accessible services. Mirai's scanner fans out SYN probes to many random addresses, mostly on TCP 23 with a smaller share on TCP 2323.

    • Modifies watchdog functionality

      Mirai opens /dev/watchdog (or /dev/misc/watchdog) and issues the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD so the hardware watchdog no longer reboots the device; a reboot would clear the memory-resident infection. On hosts where auditd is available, a watch on the device node (for example `-w /dev/watchdog -p wa -k watchdog_tamper`) surfaces this access.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port was observed to servers other than the configured DNS resolvers. Mirai's built-in resolver sends its C2 lookups directly to a hard-coded public resolver (8.8.8.8 in the leaked source) rather than through the system's configured one, so DNS-port flows that bypass the expected resolver are a useful network indicator.

    • Writes file to system bin folder
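
The two network signatures above ("large number of network flows" and "unexpected DNS network traffic destination") can be checked offline against a flow log. The following is an added example, not part of the sandbox report and not the sandbox's own detection logic; the flow records are constructed to resemble the described behaviour, and the resolver set and scan threshold are assumed site-specific values.

```python
from collections import defaultdict

# Constructed sample flows as (src, dst, proto, dst_port); not from the report's capture.
SAMPLE_FLOWS = (
    [("10.0.0.5", f"198.51.100.{i}", "tcp", 23) for i in range(1, 41)]      # Telnet sweep
    + [("10.0.0.5", f"198.51.100.{i}", "tcp", 2323) for i in range(41, 61)]  # alternate Telnet port
    + [
        ("10.0.0.5", "10.0.0.1", "udp", 53),       # lookup via the configured resolver: expected
        ("10.0.0.5", "203.0.113.77", "udp", 53),   # DNS-port traffic to a non-resolver: unexpected
        ("10.0.0.9", "10.0.0.1", "udp", 53),
    ]
)

CONFIGURED_RESOLVERS = {"10.0.0.1"}   # assumed site configuration
SCAN_THRESHOLD = 25                   # assumed tuning value: distinct hosts per (src, port)


def detect_scans(flows, threshold=SCAN_THRESHOLD):
    """Map (src, dst_port) -> number of distinct destination hosts, for pairs at or above threshold.

    One source fanning out to many hosts on a single port is the flow pattern behind
    the "large number of network flows" signature.
    """
    targets = defaultdict(set)
    for src, dst, proto, port in flows:
        if proto == "tcp":
            targets[(src, port)].add(dst)
    return {key: len(hosts) for key, hosts in targets.items() if len(hosts) >= threshold}


def detect_unexpected_dns(flows, resolvers=CONFIGURED_RESOLVERS):
    """Return sorted (src, dst) pairs for port-53 traffic to hosts that are not configured resolvers."""
    return sorted({(src, dst) for src, dst, proto, port in flows
                   if port == 53 and dst not in resolvers})


if __name__ == "__main__":
    for (src, port), n in detect_scans(SAMPLE_FLOWS).items():
        print(f"possible scan: {src} reached {n} distinct hosts on tcp/{port}")
    for src, dst in detect_unexpected_dns(SAMPLE_FLOWS):
        print(f"unexpected DNS destination: {src} -> {dst}")
```

With the constructed data the 40-host sweep on tcp/23 is reported while the 20-host sweep on tcp/2323 stays under the per-port threshold. That mirrors Mirai's uneven split of probes between the two ports, so in practice aggregating distinct destinations per source across both Telnet ports, or lowering the threshold for 2323, avoids missing the smaller share.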

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                 Technique                  Count  ID
  Persistence            Hijack Execution Flow      1      T1574
  Privilege Escalation   Hijack Execution Flow      1      T1574
  Defense Evasion        Impair Defenses            1      T1562
  Defense Evasion        Hijack Execution Flow      1      T1574
  Discovery              Network Service Scanning   1      T1046

Tasks