mirai | a0c11f5368c67e3a3f8ceb41d0ff2d1328786362394409819c6bc7f9ffb7c1d5 | Triage

Sharing

General

Target

1477-1-0x0000000008048000-0x00000000080547a0-memory.dmp
Size

48KB
Sample

240321-kyn4fshd4w
MD5

cb03b0cd29e02bb6ae5b9b2f3e17ec4c
SHA1

668e971824e65308407dedf8b4f3e50ef5969634
SHA256

a0c11f5368c67e3a3f8ceb41d0ff2d1328786362394409819c6bc7f9ffb7c1d5
SHA512

3f86f51771c98bbc20780f18e1b8c6fb7cc9fe198a4ac64c3d82618c4dfd65db8e59cc86e5cb9b4a61166841c12860f3e431c9793307156b1e36db8b7070a8ad
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2ipeA:Gv4QPfZfW5XTOeoEzJ7AQwf2iH

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1477-1-0x0000000008048000-0x00000000080547a0-memory.dmp
- Size
  
  48KB
- MD5
  
  cb03b0cd29e02bb6ae5b9b2f3e17ec4c
- SHA1
  
  668e971824e65308407dedf8b4f3e50ef5969634
- SHA256
  
  a0c11f5368c67e3a3f8ceb41d0ff2d1328786362394409819c6bc7f9ffb7c1d5
- SHA512
  
  3f86f51771c98bbc20780f18e1b8c6fb7cc9fe198a4ac64c3d82618c4dfd65db8e59cc86e5cb9b4a61166841c12860f3e431c9793307156b1e36db8b7070a8ad
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2ipeA:Gv4QPfZfW5XTOeoEzJ7AQwf2iH
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1