mirai | 35e4edbdc94ca4ca6a07c240f899dadf7964cd6340f1ff59b2539a7fcad3ec6a | Triage

Sharing

General

Target

373-1-0x00008000-0x00026464-memory.dmp
Size

76KB
Sample

230930-2va6vshc95
MD5

872f82146771a2d1df909847a6b7cd34
SHA1

bcfb47805188281d1b61ad573d6dc9c91742f69d
SHA256

35e4edbdc94ca4ca6a07c240f899dadf7964cd6340f1ff59b2539a7fcad3ec6a
SHA512

7c757e88f0df6539e830bec34f7f838ab63b35fc5b49aca5f3e40bc4de3c902499dd58db3713beb38ba6d494f54bf01fb604ff019f975bddb848bcbab61bb9aa
SSDEEP

1536:TJnF9sFw8gu6+wyKaw1KpIPrbvr/6Ra1styKtI8ll5BihwlTQP+8oY:RowpuQyNSG2eRa1styK9flTQPHo

Score

10^/10

mirai lzrd

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  373-1-0x00008000-0x00026464-memory.dmp
- Size
  
  76KB
- MD5
  
  872f82146771a2d1df909847a6b7cd34
- SHA1
  
  bcfb47805188281d1b61ad573d6dc9c91742f69d
- SHA256
  
  35e4edbdc94ca4ca6a07c240f899dadf7964cd6340f1ff59b2539a7fcad3ec6a
- SHA512
  
  7c757e88f0df6539e830bec34f7f838ab63b35fc5b49aca5f3e40bc4de3c902499dd58db3713beb38ba6d494f54bf01fb604ff019f975bddb848bcbab61bb9aa
- SSDEEP
  
  1536:TJnF9sFw8gu6+wyKaw1KpIPrbvr/6Ra1styKtI8ll5BihwlTQP+8oY:RowpuQyNSG2eRa1styK9flTQPHo
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1