mirai | 4cc49fd48943363191e92cd1f591a8b7e12293a6ae2c4cbe71d1b80f2cc49830 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

367-1-0x00008000-0x00026464-memory.dmp
Size

76KB
Sample

230818-sdsj5sah85
MD5

2573b5380400d75ce6df62c677695fb7
SHA1

caa6cea4450bc3d93d54dc7395932442d4768885
SHA256

4cc49fd48943363191e92cd1f591a8b7e12293a6ae2c4cbe71d1b80f2cc49830
SHA512

09e0479e254c3bea3655ee2c47a75fe5bd36dc4a899e6777226ad893acf6d3342cc97ccf278e5cecf54bfb238e4a042d99195e63fd0bf55b82c957d1f55d880f
SSDEEP

1536:TJnF9sFw8gu6+wyKaw1KpIPrbvr/6Ra1styKtI8ll5BihwlTQP+8oN:RowpuQyNSG2eRa1styK9flTQPHo

Score

10^/10

mirai lzrd discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  367-1-0x00008000-0x00026464-memory.dmp
- Size
  
  76KB
- MD5
  
  2573b5380400d75ce6df62c677695fb7
- SHA1
  
  caa6cea4450bc3d93d54dc7395932442d4768885
- SHA256
  
  4cc49fd48943363191e92cd1f591a8b7e12293a6ae2c4cbe71d1b80f2cc49830
- SHA512
  
  09e0479e254c3bea3655ee2c47a75fe5bd36dc4a899e6777226ad893acf6d3342cc97ccf278e5cecf54bfb238e4a042d99195e63fd0bf55b82c957d1f55d880f
- SSDEEP
  
  1536:TJnF9sFw8gu6+wyKaw1KpIPrbvr/6Ra1styKtI8ll5BihwlTQP+8oN:RowpuQyNSG2eRa1styK9flTQPHo
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1