mirai | 309ebaea017ecfdffe280705df69616f3c963116017cf182127644db9322aa64 | Triage

Sharing

General

Target

1559-1-0x0000000008048000-0x00000000080547a0-memory.dmp
Size

48KB
Sample

240310-xy4kcsad73
MD5

1beb4d7d33e61faf15f6e8180c5d05c3
SHA1

ced7065d76e3a59444aadf267442b32b570d4931
SHA256

309ebaea017ecfdffe280705df69616f3c963116017cf182127644db9322aa64
SHA512

89b0bb2e054c8e1b32ba4503b178aa35b7f1c083d09b885b0ba12eecea30a69abdb62f86037befbb3a74bc9f14ef8930253120520f07d068aa37a2b6d03a960a
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AGnJv/4QwLbn2iFeg:Gv4QPfZfW5XTOeoEzJvAQwv2iD

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1559-1-0x0000000008048000-0x00000000080547a0-memory.dmp
- Size
  
  48KB
- MD5
  
  1beb4d7d33e61faf15f6e8180c5d05c3
- SHA1
  
  ced7065d76e3a59444aadf267442b32b570d4931
- SHA256
  
  309ebaea017ecfdffe280705df69616f3c963116017cf182127644db9322aa64
- SHA512
  
  89b0bb2e054c8e1b32ba4503b178aa35b7f1c083d09b885b0ba12eecea30a69abdb62f86037befbb3a74bc9f14ef8930253120520f07d068aa37a2b6d03a960a
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3Dve3AGnJv/4QwLbn2iFeg:Gv4QPfZfW5XTOeoEzJvAQwv2iD
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1