mirai | 2da656b3eb530d43e2943440d5b2d52e978f45b15342e66b2eda3dc281b32a7e | Triage

Sharing

General

Target

695-1-0x00400000-0x00451a58-memory.dmp
Size

69KB
Sample

240325-ncd8xaha5z
MD5

dcc5551889fcebb06987692037941060
SHA1

1179a5f7194c73bce72581ae7387c24aec56434c
SHA256

2da656b3eb530d43e2943440d5b2d52e978f45b15342e66b2eda3dc281b32a7e
SHA512

a455e561c21448a056add468fb15aa120359a85d2b9eef4177292f879eac1a7d069e2681b6acb24f67858ed2d7155036b7fc354f3026e61022494d798fb04748
SSDEEP

768:kZmnnogDILQHYLQHPVVMr4mgYVVMwKykNVVM6r+g/RtrVSYogDOsS5siv5XLatA2:BnN4ZH2SyOyuIq8LMEIUq+cvtpvXzXLe

Score

10^/10

mirai lzrd

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  695-1-0x00400000-0x00451a58-memory.dmp
- Size
  
  69KB
- MD5
  
  dcc5551889fcebb06987692037941060
- SHA1
  
  1179a5f7194c73bce72581ae7387c24aec56434c
- SHA256
  
  2da656b3eb530d43e2943440d5b2d52e978f45b15342e66b2eda3dc281b32a7e
- SHA512
  
  a455e561c21448a056add468fb15aa120359a85d2b9eef4177292f879eac1a7d069e2681b6acb24f67858ed2d7155036b7fc354f3026e61022494d798fb04748
- SSDEEP
  
  768:kZmnnogDILQHYLQHPVVMr4mgYVVMwKykNVVM6r+g/RtrVSYogDOsS5siv5XLatA2:BnN4ZH2SyOyuIq8LMEIUq+cvtpvXzXLe
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1