mirai | 848f8cda70b3448bafefc7f6aad7dbd4f4558b6a91bfaed80728fb613d38d6e5 | Triage

Sharing

General

Target

dc65c7770d1bfbc3a943fb0225beb695
Size

126KB
Sample

240321-xwlxjafg45
MD5

dc65c7770d1bfbc3a943fb0225beb695
SHA1

c4c3f180bf5a5042e845950c1f7b43b41da544a3
SHA256

848f8cda70b3448bafefc7f6aad7dbd4f4558b6a91bfaed80728fb613d38d6e5
SHA512

b3f24a440b82bf06b623a590ab929aeaad544e51b899cd8f3f3349a8ca7b45ebb4d7eb523a8a8dbe66fd94d49313dda7ec7655f580f2576fb39b0ef6bf5cf1cf
SSDEEP

3072:sHGGqzueMdgNeYoQ1SN1j04z+kdjUDmKE3ET:smGquXkeYoQ1SvhgD2o

Score

10^/10

mirai lzrd discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  dc65c7770d1bfbc3a943fb0225beb695
- Size
  
  126KB
- MD5
  
  dc65c7770d1bfbc3a943fb0225beb695
- SHA1
  
  c4c3f180bf5a5042e845950c1f7b43b41da544a3
- SHA256
  
  848f8cda70b3448bafefc7f6aad7dbd4f4558b6a91bfaed80728fb613d38d6e5
- SHA512
  
  b3f24a440b82bf06b623a590ab929aeaad544e51b899cd8f3f3349a8ca7b45ebb4d7eb523a8a8dbe66fd94d49313dda7ec7655f580f2576fb39b0ef6bf5cf1cf
- SSDEEP
  
  3072:sHGGqzueMdgNeYoQ1SN1j04z+kdjUDmKE3ET:smGquXkeYoQ1SvhgD2o
Score

9^/10

discovery
- Contacts a large (423808) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1