mirai | 7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d | Triage

Submit
Reports

Overview

overview

Static

static

7

47b6d35e40...b1.elf

debian-9-mipsel

Sharing

General

Target

47b6d35e402f464f362e32d728f9b0b1.elf
Size

31KB
Sample

240324-je9elsah52
MD5

47b6d35e402f464f362e32d728f9b0b1
SHA1

4a2b566ccf3bacaacaecf9408594114da0141325
SHA256

7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d
SHA512

906772b0f1bb418a63b3c46b2978302e6febbc3c45b5eed81392a1acf201358a4c564c354f67235053f11a0a898a41a3237079336b3fd2dfe49f8668e8c3f33c
SSDEEP

384:/n6Ppdqf3I54hJulN7s1kNYTA/fKiFs4V9B6f8Oj0bCwFtNKpugmQ/zTRWGVCz0m:P4YuDs1kNJ/fKiFUf8OGCgG/bdWJ

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

47b6d35e402f464f362e32d728f9b0b1.elf

Resource

debian9-mipsel-20240226-en

mirai lzrd botnet discovery

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  47b6d35e402f464f362e32d728f9b0b1.elf
- Size
  
  31KB
- MD5
  
  47b6d35e402f464f362e32d728f9b0b1
- SHA1
  
  4a2b566ccf3bacaacaecf9408594114da0141325
- SHA256
  
  7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d
- SHA512
  
  906772b0f1bb418a63b3c46b2978302e6febbc3c45b5eed81392a1acf201358a4c564c354f67235053f11a0a898a41a3237079336b3fd2dfe49f8668e8c3f33c
- SSDEEP
  
  384:/n6Ppdqf3I54hJulN7s1kNYTA/fKiFs4V9B6f8Oj0bCwFtNKpugmQ/zTRWGVCz0m:P4YuDs1kNJ/fKiFUf8OGCgG/bdWJ
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (19951) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy