mirai | 065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c

Analysis

max time kernel
149s
max time network
6s
platform
debian-9_mips
resource
debian9-mipsbe-20240226-en
resource tags

arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
11-03-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf
Size

23KB
MD5

f150541f0b605488f47cca50fc0ccf39
SHA1

5c62ab5ab0abdd9314ff64dbf8ac65d0fb83effa
SHA256

065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c
SHA512

27cda69221ca4c5b061f3c16392f19c872904c560c960c4b6ee9dc442926ec75310d01920f2c45d4e1bd4a0676e325342c66063611f363b36fc19f2ae4acf325
SSDEEP

384:NeD8ZSH2LLZUYyGZbsOiTrowSXH7+JWJryngV9M5Us+X/l9W+gmdLJgGlzDpH7uE:NeD8ZSWvZHZbs1rowOH7+4rzV++vlMit

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Processes:

description ioc

File opened for modification /dev/watchdog
File opened for modification /dev/misc/watchdog
Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow
T1574

Processes:

description ioc

File opened for modification /bin/watchdog
File opened for modification /sbin/watchdog

description	ioc
File opened for modification	/dev/watchdog
File opened for modification	/dev/misc/watchdog

description	ioc
File opened for modification	/bin/watchdog
File opened for modification	/sbin/watchdog

Reads runtime system information 22 IoCs

Reads data from /proc virtual filesystem.

Processes:

description	ioc
File opened for reading	/proc/808/cmdline
File opened for reading	/proc/644/cmdline
File opened for reading	/proc/690/cmdline
File opened for reading	/proc/710/cmdline
File opened for reading	/proc/714/cmdline
File opened for reading	/proc/749/cmdline
File opened for reading	/proc/793/cmdline
File opened for reading	/proc/422/cmdline
File opened for reading	/proc/658/cmdline
File opened for reading	/proc/709/cmdline
File opened for reading	/proc/721/cmdline
File opened for reading	/proc/772/cmdline
File opened for reading	/proc/676/cmdline
File opened for reading	/proc/705/cmdline
File opened for reading	/proc/776/cmdline
File opened for reading	/proc/784/cmdline
File opened for reading	/proc/677/cmdline
File opened for reading	/proc/704/cmdline
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/715/cmdline
File opened for reading	/proc/739/cmdline
File opened for reading	/proc/792/cmdline

/tmp/065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf
/tmp/065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf
1⤵
PID:711

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/711-1-0x00400000-0x00451a58-memory.dmp

Download