General

  • Target

    SecuriteInfo.com.Linux.Siggen.9999.17528.22528.elf

  • Size

    30KB

  • Sample

    240905-pjxjha1akk

  • MD5

    c71f10f69ea59565daf9db3ca340325c

  • SHA1

    4b2ba20c2ff3b0518f8e88e8a9f1d16bdf4e9915

  • SHA256

    c321756376545ba8abaf7c12b16eb3027a32ba102b369352e313d889cb6ebb89

  • SHA512

    12fc3c0fdaeb09c125e67a21ebf7a869fe9c4565d881bfafe3650c406e5e5726a75dc6018492386bd40ba9ac3e85fc0c8de86f9140834b4a3db289802d827911

  • SSDEEP

    768:UEcInx6ray/LOkCsrzgCWbMFkfTiOJgGlzDpbuR1JV:UxInxWQsr0tMFK+6VJuf

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    LZRD

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (20603) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

MITRE ATT&CK Enterprise v15

Tasks