mirai | bea2c6c2bfa90fe73ff454c4e2a140eabdd51c44d5f91ea40574932a69996447 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0243e269ba76ba26860f05c98c3dee88
Size

94KB
Sample

231219-197myaegbm
MD5

0243e269ba76ba26860f05c98c3dee88
SHA1

897c59e3c19cf619ceffb764acd94756f779ad59
SHA256

bea2c6c2bfa90fe73ff454c4e2a140eabdd51c44d5f91ea40574932a69996447
SHA512

a985f1adb3f234dfe8f5fe7cbe5040b45e6c7f9daed9f40f8338a46f9ef9f57f64976324e327b09c68054bd4705e1d182116c30cf9a541a6987e1770b0bc0936
SSDEEP

1536:GntGB7XO1+NJTx/dGrpib3v78wUVO9q7:qtGB7XNJTNx8n7

Score

10^/10

mirai lzrd discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  0243e269ba76ba26860f05c98c3dee88
- Size
  
  94KB
- MD5
  
  0243e269ba76ba26860f05c98c3dee88
- SHA1
  
  897c59e3c19cf619ceffb764acd94756f779ad59
- SHA256
  
  bea2c6c2bfa90fe73ff454c4e2a140eabdd51c44d5f91ea40574932a69996447
- SHA512
  
  a985f1adb3f234dfe8f5fe7cbe5040b45e6c7f9daed9f40f8338a46f9ef9f57f64976324e327b09c68054bd4705e1d182116c30cf9a541a6987e1770b0bc0936
- SSDEEP
  
  1536:GntGB7XO1+NJTx/dGrpib3v78wUVO9q7:qtGB7XNJTNx8n7
Score

9^/10

discovery
- Contacts a large (10142) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1