mirai | c056ed1642c1465ea5b8730c4cf94627dc8a8c458854725d9a611d21a3f2e110

Analysis

max time kernel
151s
max time network
151s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
04/07/2023, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f67c5a60065df491ee34c92909369c3f15370637e6826c1b04de5cfb4d0d7bc.elf
Size

45KB
MD5

edd00ce92705bb7ff02ff27f374aa52d
SHA1

e7aefe2f51d4f9bf642b158d455d5d08b6698a1c
SHA256

7f67c5a60065df491ee34c92909369c3f15370637e6826c1b04de5cfb4d0d7bc
SHA512

e5b938da8e84fb8a1501f31baedbc9a9054c6c9b28b9aa359b72e4d2ff8562ec819f9cf93a61d047b8c099c281d12857aeb5b52de50ad5a746aaa219250d38cd
SSDEEP

768:g/TYCoIxdEk+AxoTZAZHFeq8b369q3UELbUXfi6nVMQHI4vcGpvO:gECFd+A6YHAxvLRQZO

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/sbin/watchdog
File opened for modification	/bin/watchdog

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	7f67c5a60065df491ee34c92909369c3f15370637e6826c1b04de5cfb4d0d7bc.elf

/tmp/7f67c5a60065df491ee34c92909369c3f15370637e6826c1b04de5cfb4d0d7bc.elf
/tmp/7f67c5a60065df491ee34c92909369c3f15370637e6826c1b04de5cfb4d0d7bc.elf
1⤵
- Reads runtime system information
PID:355

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads