mirai | 532e772150be62bac0323e703fcdb318395253449f20d60aa949f0d14673bf1b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

1c060063aa...bbea44

debian-9-mipsel

Sharing

General

Target

1c060063aa33aff7d5be3b2fadbbea44
Size

28KB
Sample

231219-2k589aahgm
MD5

1c060063aa33aff7d5be3b2fadbbea44
SHA1

c43608e0f89433856965b1911c8ab3784bb560e4
SHA256

532e772150be62bac0323e703fcdb318395253449f20d60aa949f0d14673bf1b
SHA512

382b97bae6a4f0ce903d7e674b286f7bb7e4513599752333bef653b679d9fddb175191e8eeaafefc3e2bd9aad3cdad64335e33545f5ba92dad72d1bdc0622676
SSDEEP

768:pojR+gTBF3eCOw1eiPOFhIHhhqq4PSlWMKl:AR1F3UiP+uvqq4PSk

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1c060063aa33aff7d5be3b2fadbbea44

Resource

debian9-mipsel-20231215-en

mirai lzrd botnet discovery

debian-9-mipsel

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1c060063aa33aff7d5be3b2fadbbea44
- Size
  
  28KB
- MD5
  
  1c060063aa33aff7d5be3b2fadbbea44
- SHA1
  
  c43608e0f89433856965b1911c8ab3784bb560e4
- SHA256
  
  532e772150be62bac0323e703fcdb318395253449f20d60aa949f0d14673bf1b
- SHA512
  
  382b97bae6a4f0ce903d7e674b286f7bb7e4513599752333bef653b679d9fddb175191e8eeaafefc3e2bd9aad3cdad64335e33545f5ba92dad72d1bdc0622676
- SSDEEP
  
  768:pojR+gTBF3eCOw1eiPOFhIHhhqq4PSlWMKl:AR1F3UiP+uvqq4PSk
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (13165) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2025

Terms | Privacy