mirai | 2106825ef862d5d7cc20a92f9f2362850a2944a16e07b4a53377d7e48160e468 | Triage

Submit
Reports

Overview

overview

Static

static

7

fbbc508563...kes118

debian-9-armhf

Sharing

General

Target

fbbc5085633d7caf1d2e8a8ebc1d6392_JaffaCakes118
Size

52KB
Sample

240420-c2kansfb2y
MD5

fbbc5085633d7caf1d2e8a8ebc1d6392
SHA1

8a454133fb9a91a992a513dbd54744b6779a98cc
SHA256

2106825ef862d5d7cc20a92f9f2362850a2944a16e07b4a53377d7e48160e468
SHA512

209e05a3d79de5aa23a772e49e1a73f2e6e1dfdbf687db48c5294780b45b70cd627229d7c8c9a904d94acbad16968e14fb1022d2e2ad62c0cceb368969c96c7a
SSDEEP

768:/Mte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLr4bq9q3UELbOs8qQ:/M84ISRX63dZQbS5rzZqfLIVmWjB

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fbbc5085633d7caf1d2e8a8ebc1d6392_JaffaCakes118

Resource

debian9-armhf-20240226-en

mirai lzrd botnet discovery

debian-9-armhf

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  fbbc5085633d7caf1d2e8a8ebc1d6392_JaffaCakes118
- Size
  
  52KB
- MD5
  
  fbbc5085633d7caf1d2e8a8ebc1d6392
- SHA1
  
  8a454133fb9a91a992a513dbd54744b6779a98cc
- SHA256
  
  2106825ef862d5d7cc20a92f9f2362850a2944a16e07b4a53377d7e48160e468
- SHA512
  
  209e05a3d79de5aa23a772e49e1a73f2e6e1dfdbf687db48c5294780b45b70cd627229d7c8c9a904d94acbad16968e14fb1022d2e2ad62c0cceb368969c96c7a
- SSDEEP
  
  768:/Mte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLr4bq9q3UELbOs8qQ:/M84ISRX63dZQbS5rzZqfLIVmWjB
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20546) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy