mirai | 2af04b44bbdd90dca6f2c4ba26269f2ebe1626f7967b651e276ddc869c086b72 | Triage

Submit
Reports

Overview

overview

Static

static

7

7a3a141da6...1d.elf

debian-9-mipsel

Sharing

General

Target

47b6d35e402f464f362e32d728f9b0b1.bin
Size

30KB
Sample

240326-chnhzsbf73
MD5

d0ac28218027919a766c7215253826ed
SHA1

2263963d24c34b626289628b5b1874f78582ac70
SHA256

2af04b44bbdd90dca6f2c4ba26269f2ebe1626f7967b651e276ddc869c086b72
SHA512

4b96910efad27cb0eb62c22828f118dc90f4ed810f734883f0e86945b8673988ff8838042ea16677f95af06842d22db7995750c2ed69aa4633f049ac8a99a432
SSDEEP

384:YHp7V9LgTkgi+hb9J5wRq2Y9zhLV1TBIDoGZJwjpk7vdB/R563qP9jor08QFvbqw:o7rV+PJK0LDV1ImOlNR50qPhNJpbqJA9

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d.elf

Resource

debian9-mipsel-20240226-en

mirai lzrd botnet discovery

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d.elf
- Size
  
  31KB
- MD5
  
  47b6d35e402f464f362e32d728f9b0b1
- SHA1
  
  4a2b566ccf3bacaacaecf9408594114da0141325
- SHA256
  
  7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d
- SHA512
  
  906772b0f1bb418a63b3c46b2978302e6febbc3c45b5eed81392a1acf201358a4c564c354f67235053f11a0a898a41a3237079336b3fd2dfe49f8668e8c3f33c
- SSDEEP
  
  384:/n6Ppdqf3I54hJulN7s1kNYTA/fKiFs4V9B6f8Oj0bCwFtNKpugmQ/zTRWGVCz0m:P4YuDs1kNJ/fKiFUf8OGCgG/bdWJ
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20713) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy