Overview

overview

10

Static

static

7

bfabbc25ae...a5.elf

ubuntu-18.04-amd64

10

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    08-04-2024 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfabbc25aec15c96e0a1c72dfa1680a5.elf

  • Size

    20KB

  • MD5

    bfabbc25aec15c96e0a1c72dfa1680a5

  • SHA1

    a18a964d089b5c40ae36efe6b313dcbad5add234

  • SHA256

    44f8519aa43c7f6e97c7881e47113d20918e4a0ef2a9bc4c0f36518ffa6ab9ef

  • SHA512

    e2cfdc6dd02b80b5a4cde1424cfdf2e12219c1d70844339ed823de30620634517a8da5da0c3dba0517ce05dbfe3f4d714ad171cbc50a8c684e4d8543c1bf5712

  • SSDEEP

    384:M0DLpj8s/qPui8uZxoIA57RWQjJiEVi+Zk1admTb+502F2vwA9dWuMW21bAK1oTw:x98o08kxofBE+Zk1aITbp2F2TWul0c5k

Score
10/10
mirailzrdbotnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/bfabbc25aec15c96e0a1c72dfa1680a5.elf
    /tmp/bfabbc25aec15c96e0a1c72dfa1680a5.elf
    1⤵
      PID:1584

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Hijack Execution Flow

    1
    T1574

    Privilege Escalation

    Hijack Execution Flow

    1
    T1574

    Defense Evasion

    Impair Defenses

    1
    T1562

    Hijack Execution Flow

    1
    T1574

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1584-1-0x0000000008048000-0x00000000080547a0-memory.dmp
      Download