General

  • Target

    3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d.elf

  • Size

    24KB

  • Sample

    240428-bmwvgsdb2x

  • MD5

    3be7690e67ad52c45eb442ab798c78e9

  • SHA1

    3d383311c9d5014ab32830290b5ae3bc0a31b79e

  • SHA256

    3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d

  • SHA512

    d3d1e62768a3f85c4d2e6ac4e9ec8b26d2e05be25651d8e92a620f84876ac8a4db65901d4efa574cf6ebf972d5f81e279d6583c9f54e135c5eb9d411a5d914c7

  • SSDEEP

    768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBptmZqEWv0:/QlS07FUXqIYSXQKqutqq+

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1574 Hijack Execution Flow (1)

  • Privilege Escalation

    T1574 Hijack Execution Flow (1)

  • Defense Evasion

    T1562 Impair Defenses (1)

    T1574 Hijack Execution Flow (1)