mirai | a50abe84e896949a9f2f603fd16fd176ded25fead38e55b2e4b7cb3dcbd44ad0 | Triage

Sharing

General

Target

599-1-0x0000000008048000-0x00000000080547a0-memory.dmp
Size

48KB
Sample

230708-vlf77afh28
MD5

f432d7e5b7766627af2f6c31b694b729
SHA1

128e3f86d6fabc5f89cc6759d926a52f728ea5d6
SHA256

a50abe84e896949a9f2f603fd16fd176ded25fead38e55b2e4b7cb3dcbd44ad0
SHA512

b5f23ad67258add1c8b1b74be920681cb6644e3dd5e7ecd6f6edb5157744e62172bcf053abef21a3b35026573651bf48f2fbb350a64ad49f6363af2872d3cc9d
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2iueA:Gv4QPfZfW5XTOeoEzJ7AQwf2i2

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  599-1-0x0000000008048000-0x00000000080547a0-memory.dmp
- Size
  
  48KB
- MD5
  
  f432d7e5b7766627af2f6c31b694b729
- SHA1
  
  128e3f86d6fabc5f89cc6759d926a52f728ea5d6
- SHA256
  
  a50abe84e896949a9f2f603fd16fd176ded25fead38e55b2e4b7cb3dcbd44ad0
- SHA512
  
  b5f23ad67258add1c8b1b74be920681cb6644e3dd5e7ecd6f6edb5157744e62172bcf053abef21a3b35026573651bf48f2fbb350a64ad49f6363af2872d3cc9d
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2iueA:Gv4QPfZfW5XTOeoEzJ7AQwf2i2
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1