mirai | 31b8395874d65fe35d873e436d224fc5c309d50b4324bdb7c8b8bb21f0de6e62 | Triage

Sharing

General

Target

1543-1-0x0000000000400000-0x000000000050de48-memory.dmp
Size

52KB
Sample

240407-gr3rgsfb43
MD5

082d7cf906979acce0a2e9cacb44aa68
SHA1

c42c1c5d943376a8b10cf2563d5963b6d88c2daa
SHA256

31b8395874d65fe35d873e436d224fc5c309d50b4324bdb7c8b8bb21f0de6e62
SHA512

a454f3c1a4746a7564b506dbab5ef306cca20ef8a4b7e9781a66ab7e52d93265a4cc8689a5b0f1c764d39e8629943ad778ce24514b5ab081b537ac92204afee8
SSDEEP

1536:+fHlPDdJaEcLAeF9TUDWog1HHJYC0QkiuVn4Pq:IHlPZMEcTFZ2A1HHJp0hVn4Pq

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1543-1-0x0000000000400000-0x000000000050de48-memory.dmp
- Size
  
  52KB
- MD5
  
  082d7cf906979acce0a2e9cacb44aa68
- SHA1
  
  c42c1c5d943376a8b10cf2563d5963b6d88c2daa
- SHA256
  
  31b8395874d65fe35d873e436d224fc5c309d50b4324bdb7c8b8bb21f0de6e62
- SHA512
  
  a454f3c1a4746a7564b506dbab5ef306cca20ef8a4b7e9781a66ab7e52d93265a4cc8689a5b0f1c764d39e8629943ad778ce24514b5ab081b537ac92204afee8
- SSDEEP
  
  1536:+fHlPDdJaEcLAeF9TUDWog1HHJYC0QkiuVn4Pq:IHlPZMEcTFZ2A1HHJp0hVn4Pq
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1