mirai | 6217ab89f9cf06bab16be025c94be9aeebf3b7925377eca4c963a3914b6c1892 | Triage

Sharing

General

Target

1563-1-0x0000000008048000-0x00000000080547a0-memory.dmp
Size

48KB
Sample

240425-qemn6sbb26
MD5

10d736401b1a3652d6b62b6f6caf8d32
SHA1

01487d30031787089ffe9877a673ece54aeb77c6
SHA256

6217ab89f9cf06bab16be025c94be9aeebf3b7925377eca4c963a3914b6c1892
SHA512

ba20397d144a197b600ed21439a8313d78da8af26cdc1c10f4bee9c64e5c9b7d78248eb799f51fb1e4b6e329dac67f2f85b28f863e72ed4bc60baebd72563151
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2imeA:Gv4QPfZfW5XTOeoEzJ7AQwf2iO

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1563-1-0x0000000008048000-0x00000000080547a0-memory.dmp
- Size
  
  48KB
- MD5
  
  10d736401b1a3652d6b62b6f6caf8d32
- SHA1
  
  01487d30031787089ffe9877a673ece54aeb77c6
- SHA256
  
  6217ab89f9cf06bab16be025c94be9aeebf3b7925377eca4c963a3914b6c1892
- SHA512
  
  ba20397d144a197b600ed21439a8313d78da8af26cdc1c10f4bee9c64e5c9b7d78248eb799f51fb1e4b6e329dac67f2f85b28f863e72ed4bc60baebd72563151
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3Dve3AGX57/4Qw7bn2imeA:Gv4QPfZfW5XTOeoEzJ7AQwf2iO
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1