mirai | 7f2d4cab8e49cbf846b82be3a54d5ff5f499ceb94a09a3445c04bbb1d1b4af72 | Triage

Sharing

General

Target

1546-1-0x0000000008048000-0x00000000080558e8-memory.dmp
Size

52KB
Sample

240424-l6tvcagf8z
MD5

e09c5faa6cada81cab047c0fd3d49667
SHA1

eb2540d4edbcb3f5283f39dd874cb9d34eac0784
SHA256

7f2d4cab8e49cbf846b82be3a54d5ff5f499ceb94a09a3445c04bbb1d1b4af72
SHA512

64ef8a65fb7b0a82766488969d5d433af8877d55a68ce03c4ac8418404734c6e60aa0e8771e6e69eda7e1c3b2e7792365eaf84ba8c48a049bad374dd6b81e02a
SSDEEP

768:uGpjM9WF9ln3Hi8WX1gVHVMcV7gowbBnOvoElEb454vswyzT0IOCP/OPVzI5vs2:uGp2kln3Hi76V1yy3KUw8DePVc502

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1546-1-0x0000000008048000-0x00000000080558e8-memory.dmp
- Size
  
  52KB
- MD5
  
  e09c5faa6cada81cab047c0fd3d49667
- SHA1
  
  eb2540d4edbcb3f5283f39dd874cb9d34eac0784
- SHA256
  
  7f2d4cab8e49cbf846b82be3a54d5ff5f499ceb94a09a3445c04bbb1d1b4af72
- SHA512
  
  64ef8a65fb7b0a82766488969d5d433af8877d55a68ce03c4ac8418404734c6e60aa0e8771e6e69eda7e1c3b2e7792365eaf84ba8c48a049bad374dd6b81e02a
- SSDEEP
  
  768:uGpjM9WF9ln3Hi8WX1gVHVMcV7gowbBnOvoElEb454vswyzT0IOCP/OPVzI5vs2:uGp2kln3Hi76V1yy3KUw8DePVc502
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1