Overview

overview

10

Static

static

1

5c21a3451c...f1.elf

debian-9-armhf

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1.elf

  • Size

    244KB

  • Sample

    240425-bxnlvsda5w

  • MD5

    cef396530992f79dea5d6d8209fc8ee7

  • SHA1

    cdaa0b93d9299a00b90edb4b617a9f89c3aa322f

  • SHA256

    5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1

  • SHA512

    8c7ffcd35b5db373bae1ce7621c97508082aeea2ed1061a167c509d4ca13f1c9e8a30d630e550ffa48ae82c1d0742af62243cd0e93d413f21b69dffd1558fafd

  • SSDEEP

    6144:cvZy8EpPYGg9XlNAI61A6OMLf+ZBse1kZcR6:Brg9Xlh6S+8se1x6

Score
10/10
mirailzrdbotnetpersistence

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1.elf

    • Size

      244KB

    • MD5

      cef396530992f79dea5d6d8209fc8ee7

    • SHA1

      cdaa0b93d9299a00b90edb4b617a9f89c3aa322f

    • SHA256

      5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1

    • SHA512

      8c7ffcd35b5db373bae1ce7621c97508082aeea2ed1061a167c509d4ca13f1c9e8a30d630e550ffa48ae82c1d0742af62243cd0e93d413f21b69dffd1558fafd

    • SSDEEP

      6144:cvZy8EpPYGg9XlNAI61A6OMLf+ZBse1kZcR6:Brg9Xlh6S+8se1x6

    Score
    10/10
    mirailzrdbotnetpersistence

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistence

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Boot or Logon Autostart Execution

2
T1547

Hijack Execution Flow

1
T1574

Privilege Escalation

Scheduled Task/Job

1
T1053

Boot or Logon Autostart Execution

2
T1547

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks