mirai | c224610d8189e1f85152381bd2fe834a118e9b87649a4daad898efe87eb86ed3 | Triage

Submit
Reports

Overview

overview

Static

static

1475-1-0x0...ry.dmp

ubuntu-18.04-amd64

9

Sharing

General

Target

1475-1-0x0000000008048000-0x0000000008057900-memory.dmp
Size

60KB
Sample

240504-bwkhtahg3v
MD5

fc5b2ced1bdfe8182b5cfe1b70c99786
SHA1

9cb4f1538fadbe70b1c42a2f2c375cd49467e36b
SHA256

c224610d8189e1f85152381bd2fe834a118e9b87649a4daad898efe87eb86ed3
SHA512

a027ee40b878c53b15d7aff83a8f655c3c8f9d59c703b50fa31891589e07dbe2a5b44e44bbd6ddc21c655e897e2afdc77d455bcf32f4f957d4af2440475026b2
SSDEEP

1536:kSTEh2ejR+4KGq0hZRASW8/SzwIkZS/vYdL:kSYh2iRB/hZaSW8/SzlqogdL

Score

10^/10

mirai lzrd discovery linux

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1475-1-0x0000000008048000-0x0000000008057900-memory.dmp

Resource

ubuntu1804-amd64-20240226-en

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1475-1-0x0000000008048000-0x0000000008057900-memory.dmp
- Size
  
  60KB
- MD5
  
  fc5b2ced1bdfe8182b5cfe1b70c99786
- SHA1
  
  9cb4f1538fadbe70b1c42a2f2c375cd49467e36b
- SHA256
  
  c224610d8189e1f85152381bd2fe834a118e9b87649a4daad898efe87eb86ed3
- SHA512
  
  a027ee40b878c53b15d7aff83a8f655c3c8f9d59c703b50fa31891589e07dbe2a5b44e44bbd6ddc21c655e897e2afdc77d455bcf32f4f957d4af2440475026b2
- SSDEEP
  
  1536:kSTEh2ejR+4KGq0hZRASW8/SzwIkZS/vYdL:kSYh2iRB/hZaSW8/SzlqogdL
Score

9^/10

discovery
- Contacts a large (20297) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy