mirai | f513ae957a71a45e6f9c9accb57be791c69e99bf16832fa2453b11561939b875 | Triage

Submit
Reports

Overview

overview

Static

static

dbd6190200...76.elf

ubuntu-18.04-amd64

9

Sharing

Copy URL Twitter E-mail

General

Target

05cf17a867bf0d75023518b5152ecf80.bin
Size

30KB
Sample

230716-bc6xpsda5v
MD5

1262b628ed76617fcaa6741dce366971
SHA1

a759e947b5089ceb2f81563fece887244dcc673e
SHA256

f513ae957a71a45e6f9c9accb57be791c69e99bf16832fa2453b11561939b875
SHA512

e0821174221f15c044df6952695d095638c3e12fd3b48c9bfe1fe27cec6c7e549d2245e9443b2d84c1d7c1f634a91803ab79a39dc1f5fb1acecc681012175bd3
SSDEEP

768:QI0nakd80/1HAjxqdE+nnmmMY706mbvOA2AUU:cakd802jxQpmm978p2AR

Score

10^/10

mirai lzrd discovery linux

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dbd61902008081b2bd2ec0c626226c7130e9d3cba1eaab36d9d491ebdd64eb76.elf

Resource

ubuntu1804-amd64-20230712-en

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  dbd61902008081b2bd2ec0c626226c7130e9d3cba1eaab36d9d491ebdd64eb76.elf
- Size
  
  64KB
- MD5
  
  05cf17a867bf0d75023518b5152ecf80
- SHA1
  
  38e0def15f59382f9965f285eadc52790bd36941
- SHA256
  
  dbd61902008081b2bd2ec0c626226c7130e9d3cba1eaab36d9d491ebdd64eb76
- SHA512
  
  8bf769ad04ecbf6ce98337d39e3f22de200f914b84415dfa7457ffe45c611064dcf023fe42dc4593bb6ccb239406cf43ac7e196be67a4f35b607c7b44385558a
- SSDEEP
  
  1536:IIG9170vwHbQXZ5+qXDEuXi9aBSW7V/DjObeFt6PuQ4Z4:I917iwHbQXZ5+qXA59eSWZ/XObeb6GZZ
Score

9^/10

discovery
- Contacts a large (20891) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy