mirai | 2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84 | Triage

Sharing

General

Target

2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84.elf
Size

126KB
Sample

240212-eajwyaec3z
MD5

28ec7b62f2c47abb516aa702264173de
SHA1

bec3a7869fb7eb04653e10004684260991c72460
SHA256

2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84
SHA512

911dfec06e8b60d3d06ebb1f856528a538f362803a4de65afbcf6b02b069042fe9e95bdba2af64840672ccc6fd98364c24aa00554b6ddcf99af32939e901e246
SSDEEP

3072:cowpuQyNSG7Ra1styK9flTQPHo1rScVM/9SAvjik:cowpuQyNSG1a1styKdlTuI1rSmM/9bvV

Score

10^/10

mirai lzrd

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84.elf
- Size
  
  126KB
- MD5
  
  28ec7b62f2c47abb516aa702264173de
- SHA1
  
  bec3a7869fb7eb04653e10004684260991c72460
- SHA256
  
  2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84
- SHA512
  
  911dfec06e8b60d3d06ebb1f856528a538f362803a4de65afbcf6b02b069042fe9e95bdba2af64840672ccc6fd98364c24aa00554b6ddcf99af32939e901e246
- SSDEEP
  
  3072:cowpuQyNSG7Ra1styK9flTQPHo1rScVM/9SAvjik:cowpuQyNSG1a1styKdlTuI1rSmM/9bvV
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1