mirai | 77233d4e7897b4d2e102e61a91affeb0544d3863472a8c84be36e3ff3345e04f | Triage

Sharing

General

Target

1575-1-0x0000000008048000-0x00000000080547a0-memory.dmp
Size

48KB
Sample

240308-2kt6zsab8z
MD5

a53a2cf358bc6b1bf51be044888c171b
SHA1

8be09babae68d227ddeed04f5a8ac39dacbf080a
SHA256

77233d4e7897b4d2e102e61a91affeb0544d3863472a8c84be36e3ff3345e04f
SHA512

7a8d7886094cc7c1d1a915f1dfe5d5a96ad50758927a734368aa427434c8acb8494d066abe2d37d33f8e900742176344f1098d239eadc03b7bedde20671580d1
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2ipeA:Gv4QPfZfW5XTOeoEzJ7AQwf2iH

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1575-1-0x0000000008048000-0x00000000080547a0-memory.dmp
- Size
  
  48KB
- MD5
  
  a53a2cf358bc6b1bf51be044888c171b
- SHA1
  
  8be09babae68d227ddeed04f5a8ac39dacbf080a
- SHA256
  
  77233d4e7897b4d2e102e61a91affeb0544d3863472a8c84be36e3ff3345e04f
- SHA512
  
  7a8d7886094cc7c1d1a915f1dfe5d5a96ad50758927a734368aa427434c8acb8494d066abe2d37d33f8e900742176344f1098d239eadc03b7bedde20671580d1
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2ipeA:Gv4QPfZfW5XTOeoEzJ7AQwf2iH
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1