General

  • Target

    27ff16ff99021adc57530365bc6f9574

  • Size

    64KB

  • Sample

    231219-2qnw6achdl

  • MD5

    27ff16ff99021adc57530365bc6f9574

  • SHA1

    fa8ba28cbe88932e54fccc80625ccfd9c10d7c87

  • SHA256

    9b74dc40279c1cc6ed2d717e3d9108549407b413ce3dfbee97b44fdce802e993

  • SHA512

    9b75fa027d8fe873eaac2e3277852a32050cd5ba794fc02c2d32691085006b43310053ca007ac256e0c86e640f5417e0b30d029e3321a2810d4b31bfe04b11d4

  • SSDEEP

    1536:+Y946QWtBrYQPNseLL337hiUguESWuX/MMOCs2qg6U4e:N46QWtBrYQPNsef9iB5SWs/dOC3qR9e

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    Score
    9/10
    • Contacts a large (20309) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
