mirai | 8077bb4ec400dca540d14eff742b3da14d709b0b9f49dc2968ee527a87c383d1 | Triage

Submit
Reports

Overview

overview

Static

static

f3daa8bd2e...kes118

debian-9-mips

9

Sharing

General

Target

f3daa8bd2ecba6ddbde6614d407b8c25_JaffaCakes118
Size

97KB
Sample

240416-ttb3rsgc2w
MD5

f3daa8bd2ecba6ddbde6614d407b8c25
SHA1

fd0aee1cf4428c3b35625116ac79babd4baf4ed7
SHA256

8077bb4ec400dca540d14eff742b3da14d709b0b9f49dc2968ee527a87c383d1
SHA512

0230ef365790cbc00cd8bb8bb3c5d41bc55d9b3e539ea1e65e0883b7379bee54f4132f425dfcfb4a7f5d087a00b77236cd77294011ceaadb963906115393d8aa
SSDEEP

3072:XDIkiGgcsQoeJP0r01ed6WP0qNuCd4aRP9:iU2Rd6WP0qNuCuMP9

Score

10^/10

mirai lzrd discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f3daa8bd2ecba6ddbde6614d407b8c25_JaffaCakes118

Resource

debian9-mipsbe-20240226-en

debian-9-mips

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  f3daa8bd2ecba6ddbde6614d407b8c25_JaffaCakes118
- Size
  
  97KB
- MD5
  
  f3daa8bd2ecba6ddbde6614d407b8c25
- SHA1
  
  fd0aee1cf4428c3b35625116ac79babd4baf4ed7
- SHA256
  
  8077bb4ec400dca540d14eff742b3da14d709b0b9f49dc2968ee527a87c383d1
- SHA512
  
  0230ef365790cbc00cd8bb8bb3c5d41bc55d9b3e539ea1e65e0883b7379bee54f4132f425dfcfb4a7f5d087a00b77236cd77294011ceaadb963906115393d8aa
- SSDEEP
  
  3072:XDIkiGgcsQoeJP0r01ed6WP0qNuCd4aRP9:iU2Rd6WP0qNuCuMP9
Score

9^/10

discovery
- Contacts a large (20669) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy