mirai | 170e7226c064bd77b2582c20bac31cb4ae964d5ec23b54165401a3ab0551408b | Triage

Submit
Reports

Overview

overview

Static

static

7

xd.arm7.elf

debian-9-armhf

Sharing

General

Target

xd.arm7.elf
Size

52KB
Sample

231002-nz5z5shh6v
MD5

fabc720108a88836b1c89fceba5f8bd5
SHA1

723150e31d1828a05631dec2567fb62534a67a40
SHA256

170e7226c064bd77b2582c20bac31cb4ae964d5ec23b54165401a3ab0551408b
SHA512

5698ea6cbd5176246ae17e985323458128dbea733a258eabbed5b8c7ff07df3421b6c3013f460c997a18d5f141abf41139e9ecc0da52dc54aec3ec62995ee4ca
SSDEEP

768:BMte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLrN9q3UELbOs8qMLw:BM84ISRX63dZQbS5rzZgLIVmWjI

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

xd.arm7.elf

Resource

debian9-armhf-en-20211208

mirai lzrd botnet discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  xd.arm7.elf
- Size
  
  52KB
- MD5
  
  fabc720108a88836b1c89fceba5f8bd5
- SHA1
  
  723150e31d1828a05631dec2567fb62534a67a40
- SHA256
  
  170e7226c064bd77b2582c20bac31cb4ae964d5ec23b54165401a3ab0551408b
- SHA512
  
  5698ea6cbd5176246ae17e985323458128dbea733a258eabbed5b8c7ff07df3421b6c3013f460c997a18d5f141abf41139e9ecc0da52dc54aec3ec62995ee4ca
- SSDEEP
  
  768:BMte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLrN9q3UELbOs8qMLw:BM84ISRX63dZQbS5rzZgLIVmWjI
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (18255) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy