mirai | ef1a8feda056bc9856f40650de74ad34db26af38c048bab44e71a4a2c898dc13 | Triage

Sharing

General

Target

boatnet.arm.elf
Size

54KB
Sample

240221-tagh5sad7z
MD5

58485938d8a5b3b1e76e4b8a0005b079
SHA1

de4788c3fbd547f29ef74c97e6a1705f8cd1cd97
SHA256

ef1a8feda056bc9856f40650de74ad34db26af38c048bab44e71a4a2c898dc13
SHA512

f2568ca9f8ff3930d2385550bec4f422e8e9e098a1e6268d866fa958d5af5765f6321266f20ec50a64a7856c1678c3397f1422bcafcaf7ea5f43864e2383b33f
SSDEEP

768:raehM993TLSmRTIrL8Fvvhp9H0HrZQ8yoWXagcLVPWtuQ/C71mA2EDEy0eYjW9TF:/M99jmL8BZp9IFUoWKdYuvQ5KIqkypZ

Score

10^/10

mirai lzrd

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.arm.elf
- Size
  
  54KB
- MD5
  
  58485938d8a5b3b1e76e4b8a0005b079
- SHA1
  
  de4788c3fbd547f29ef74c97e6a1705f8cd1cd97
- SHA256
  
  ef1a8feda056bc9856f40650de74ad34db26af38c048bab44e71a4a2c898dc13
- SHA512
  
  f2568ca9f8ff3930d2385550bec4f422e8e9e098a1e6268d866fa958d5af5765f6321266f20ec50a64a7856c1678c3397f1422bcafcaf7ea5f43864e2383b33f
- SSDEEP
  
  768:raehM993TLSmRTIrL8Fvvhp9H0HrZQ8yoWXagcLVPWtuQ/C71mA2EDEy0eYjW9TF:/M99jmL8BZp9IFUoWKdYuvQ5KIqkypZ
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1