mirai | 7fb7b0cb2109520ab3e4323d524a147ab67ec92cd9ad034b5672a24f87e4b766 | Triage

Sharing

General

Target

599-1-0x0000000008048000-0x00000000080547a0-memory.dmp
Size

48KB
Sample

230919-lzhthaac77
MD5

b68504ee17ea8446cc203f292401380e
SHA1

a6bf6fa355dc3eb9ec526be6d3c1ee870f8920e6
SHA256

7fb7b0cb2109520ab3e4323d524a147ab67ec92cd9ad034b5672a24f87e4b766
SHA512

f38b0261ffee93f10326c8c72de9bf241996ab4f397479ca61b9f0b74da253f8f973f5fb6917191f7044f41dd9d3c10643794927eb1058f0604f3019f407594a
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AGAZq/4Qw7bn2iKeA:Gv4QPfZfW5XTOeoEz0qAQwf2iC

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  599-1-0x0000000008048000-0x00000000080547a0-memory.dmp
- Size
  
  48KB
- MD5
  
  b68504ee17ea8446cc203f292401380e
- SHA1
  
  a6bf6fa355dc3eb9ec526be6d3c1ee870f8920e6
- SHA256
  
  7fb7b0cb2109520ab3e4323d524a147ab67ec92cd9ad034b5672a24f87e4b766
- SHA512
  
  f38b0261ffee93f10326c8c72de9bf241996ab4f397479ca61b9f0b74da253f8f973f5fb6917191f7044f41dd9d3c10643794927eb1058f0604f3019f407594a
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3Dve3AGAZq/4Qw7bn2iKeA:Gv4QPfZfW5XTOeoEz0qAQwf2iC
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1