mirai | e2ce976b4302436357ff9fe030248edf2a0ef3d18fdb58931aa3ead2be28f29c | Triage

Submit
Reports

Overview

overview

Static

static

7

fdf78c3779...kes118

debian-9-mips

Sharing

General

Target

fdf78c3779ce1cdf9414ec20752146c6_JaffaCakes118
Size

30KB
Sample

240421-ad4y3adf43
MD5

fdf78c3779ce1cdf9414ec20752146c6
SHA1

a878ddb0e9a7240b5c5bb66d5dacd255839fb0c4
SHA256

e2ce976b4302436357ff9fe030248edf2a0ef3d18fdb58931aa3ead2be28f29c
SHA512

df9b129ba1f40b27d009fe1554ec269ca9f6a93a51ab0ab2660476b7a905288e83c88eecb198ab41e63ee2754344c743fa1e8341fee87659763dfd0c2f4e21c6
SSDEEP

768:vyvYLznDEB2iC+sDwChyxNkvzY8HqltXwJgGlzDpbuR1J1:WYnnDEBI+sUyyx2VHrVJuz

Score

10^/10

mirai lzrd botnet discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fdf78c3779ce1cdf9414ec20752146c6_JaffaCakes118

Resource

debian9-mipsbe-20240226-en

mirai lzrd botnet discovery

debian-9-mips

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  fdf78c3779ce1cdf9414ec20752146c6_JaffaCakes118
- Size
  
  30KB
- MD5
  
  fdf78c3779ce1cdf9414ec20752146c6
- SHA1
  
  a878ddb0e9a7240b5c5bb66d5dacd255839fb0c4
- SHA256
  
  e2ce976b4302436357ff9fe030248edf2a0ef3d18fdb58931aa3ead2be28f29c
- SHA512
  
  df9b129ba1f40b27d009fe1554ec269ca9f6a93a51ab0ab2660476b7a905288e83c88eecb198ab41e63ee2754344c743fa1e8341fee87659763dfd0c2f4e21c6
- SSDEEP
  
  768:vyvYLznDEB2iC+sDwChyxNkvzY8HqltXwJgGlzDpbuR1J1:WYnnDEBI+sUyyx2VHrVJuz
Score

10^/10

mirai lzrd botnet discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Contacts a large (20563) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnetdiscovery

© 2018-2024

Terms | Privacy