Malware Analysis Report

2024-12-07 13:06

Sample ID 241108-c8bbcaspat
Target 537907609ffc903d04b1aa5309d9bd02b95a31f343763ae83cd61f9c1b797438.elf
SHA256 537907609ffc903d04b1aa5309d9bd02b95a31f343763ae83cd61f9c1b797438
Tags
lzrd mirai rootkit
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

537907609ffc903d04b1aa5309d9bd02b95a31f343763ae83cd61f9c1b797438

Threat Level: Known bad

The file 537907609ffc903d04b1aa5309d9bd02b95a31f343763ae83cd61f9c1b797438.elf was found to be: Known bad.

Malicious Activity Summary

lzrd mirai rootkit

Mirai family

Loads a kernel module

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-08 02:44

Signatures

Mirai family

mirai

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 02:44

Reported

2024-11-08 02:46

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

0s

Max time network

1s

Command Line

[/tmp/537907609ffc903d04b1aa5309d9bd02b95a31f343763ae83cd61f9c1b797438.elf]

Signatures

None recorded for this run (kernel time 0s, network time 1s). The "Loads a kernel module" finding in the Analysis Overview does not appear in either the static1 or the behavioral1 signature list, so the rootkit tag should be treated as not confirmed by this detonation; what the run does show is the Mirai scanner behaviour in the Network table.
Processes

/tmp/537907609ffc903d04b1aa5309d9bd02b95a31f343763ae83cd61f9c1b797438.elf

[/tmp/537907609ffc903d04b1aa5309d9bd02b95a31f343763ae83cd61f9c1b797438.elf]

Network

Two connections below are not scan traffic: the mDNS multicast probe to 224.0.0.251:5353 and the DNS query sent through 8.8.8.8 that resolves byte-main-cnc.n-e.kr, which by its name and timing is the likely C2 host. Every other row is a TCP connection to port 23 (telnet) on an apparently random address, the credential brute-force scanning that characterises the Mirai family. Rows with country N/A fall in multicast (224.0.0.0/4) or reserved (240.0.0.0/4) space that no host on the public Internet can answer from, so this variant's target generator does not exclude those ranges. The Domain column is blank where the connection went to a raw IP.

Country  Destination  Domain  Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 byte-main-cnc.n-e.kr udp
AU 118.139.115.205:23 tcp
US 192.102.127.205:23 tcp
N/A 245.165.128.93:23 tcp
DE 53.189.64.202:23 tcp
NO 85.200.54.83:23 tcp
US 70.14.7.156:23 tcp
VN 118.70.9.121:23 tcp
US 70.8.239.221:23 tcp
AR 186.153.130.121:23 tcp
US 205.132.168.189:23 tcp
US 155.126.252.56:23 tcp
N/A 234.146.127.200:23 tcp
GB 5.199.14.151:23 tcp
US 184.250.27.213:23 tcp
ZM 102.151.179.147:23 tcp
US 47.86.10.70:23 tcp
US 104.209.63.25:23 tcp
CA 99.223.62.52:23 tcp
DE 89.55.99.6:23 tcp
CN 119.123.9.15:23 tcp
US 65.239.201.228:23 tcp
US 107.239.29.174:23 tcp
MA 105.68.65.111:23 tcp
US 12.135.68.155:23 tcp
US 135.219.84.242:23 tcp
US 68.250.88.141:23 tcp
RO 79.114.104.112:23 tcp
US 38.24.223.199:23 tcp
JP 157.102.233.143:23 tcp
US 24.148.40.164:23 tcp
CN 36.155.163.216:23 tcp
JP 220.214.159.238:23 tcp
NL 109.34.12.224:23 tcp
HK 113.253.46.70:23 tcp
US 146.240.138.116:23 tcp
US 216.40.194.172:23 tcp
GB 45.131.115.223:23 tcp
CA 20.220.14.75:23 tcp
AU 172.194.224.3:23 tcp
N/A 249.167.56.117:23 tcp
FR 4.176.80.122:23 tcp
US 97.137.249.219:23 tcp
N/A 228.63.218.87:23 tcp
US 155.49.215.210:23 tcp
SG 43.31.147.236:23 tcp
FR 176.190.177.92:23 tcp
US 161.98.48.195:23 tcp
CN 122.85.74.45:23 tcp
NP 36.252.13.168:23 tcp
DE 87.140.202.210:23 tcp
US 69.8.83.184:23 tcp
AU 159.196.203.52:23 tcp
US 192.135.134.170:23 tcp
US 65.37.180.111:23 tcp
US 82.112.252.181:23 tcp
ES 147.96.224.26:23 tcp
IE 188.141.97.26:23 tcp
US 167.84.2.17:23 tcp
N/A 255.4.52.200:23 tcp
CH 145.234.244.13:23 tcp
NL 195.7.136.62:23 tcp
N/A 233.171.238.217:23 tcp
N/A 236.111.131.62:23 tcp
JP 60.99.102.160:23 tcp
N/A 227.199.234.140:23 tcp
JP 133.242.42.124:23 tcp
NL 139.156.168.73:23 tcp
N/A 255.2.230.40:23 tcp
US 159.185.204.205:23 tcp
GE 37.232.26.88:23 tcp
GB 40.228.173.134:23 tcp
CH 192.33.118.120:23 tcp
N/A 226.221.161.10:23 tcp
N/A 236.50.211.1:23 tcp
IR 5.124.209.193:23 tcp
US 165.249.36.130:23 tcp
NO 193.91.165.15:23 tcp
US 146.61.41.249:23 tcp
N/A 249.232.239.30:23 tcp
US 206.13.128.79:23 tcp
N/A 225.1.4.207:23 tcp
US 104.245.22.159:23 tcp
CN 122.13.25.66:23 tcp
US 209.10.73.9:23 tcp
ES 79.146.244.137:23 tcp
US 107.162.189.198:23 tcp
US 166.91.231.235:23 tcp
JP 60.142.97.94:23 tcp
RU 86.102.248.47:23 tcp
SG 43.10.173.46:23 tcp
N/A 244.171.189.165:23 tcp
IT 212.110.48.228:23 tcp
VN 117.122.103.56:23 tcp
CN 60.245.159.171:23 tcp
US 85.213.177.139:23 tcp
IT 37.116.246.126:23 tcp
FR 86.68.64.98:23 tcp
US 135.27.113.239:23 tcp
N/A 225.51.207.25:23 tcp
US 172.240.49.4:23 tcp
N/A 231.125.139.112:23 tcp
CN 124.236.100.67:23 tcp
US 170.138.249.160:23 tcp
CA 192.219.93.210:23 tcp
PL 79.133.198.128:23 tcp
DE 84.166.52.252:23 tcp
CN 58.201.196.147:23 tcp
MA 196.117.189.85:23 tcp
JP 175.130.59.33:23 tcp
N/A 251.161.203.128:23 tcp
ES 83.35.183.241:23 tcp
N/A 239.250.99.82:23 tcp
TW 61.71.252.162:23 tcp
US 32.49.2.123:23 tcp
ZA 154.119.77.84:23 tcp
US 75.182.181.208:23 tcp
N/A 252.73.27.187:23 tcp
US 146.215.116.240:23 tcp
US 97.230.125.59:23 tcp
JP 210.248.156.245:23 tcp
N/A 236.169.59.3:23 tcp
N/A 231.182.144.103:23 tcp
KZ 2.134.216.102:23 tcp
DE 16.12.35.53:23 tcp
N/A 238.0.83.190:23 tcp
US 63.94.197.113:23 tcp
US 9.35.150.128:23 tcp
N/A 243.207.123.93:23 tcp
N/A 250.131.211.143:23 tcp
US 173.190.31.200:23 tcp
DE 91.52.64.150:23 tcp
N/A 232.150.168.47:23 tcp
US 170.97.224.192:23 tcp
N/A 251.196.10.12:23 tcp
US 13.128.130.164:23 tcp
CN 14.192.62.109:23 tcp
US 73.188.72.251:23 tcp
N/A 225.214.121.174:23 tcp
UA 193.107.105.144:23 tcp
CH 85.90.12.199:23 tcp
N/A 254.133.29.96:23 tcp
DE 213.71.133.112:23 tcp
NL 20.16.206.201:23 tcp
US 48.41.121.181:23 tcp
GB 155.145.192.203:23 tcp
EG 197.58.63.155:23 tcp
N/A 249.179.73.157:23 tcp
N/A 237.230.54.133:23 tcp
IT 212.78.30.82:23 tcp
N/A 228.26.145.111:23 tcp
US 40.79.156.138:23 tcp
US 48.81.157.168:23 tcp
JP 219.32.120.44:23 tcp
N/A 250.3.11.43:23 tcp
US 12.163.229.13:23 tcp
N/A 254.4.176.103:23 tcp
US 40.200.244.188:23 tcp
CH 146.159.40.153:23 tcp
TR 31.142.255.136:23 tcp
US 161.103.233.43:23 tcp
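A triage helper for the table above, added here as an example and not part of the original report or of any sandbox's own tooling. It parses rows in the report's "Country Destination Domain Proto" layout (the Domain column is absent for raw-IP connections), separates the C2 name resolution and the local mDNS noise from the telnet scanning, extracts the resolved name as an IOC, and flags scan targets in multicast or reserved address space. The embedded rows are a constructed subset copied from the table; the function and field names are this example's own.

```python
"""Triage helper for the Network table of a sandbox report on a Mirai-family ELF.

Added example, not code from the original report. Parses rows in the report's
'Country Destination Domain Proto' layout (Domain is blank for raw-IP rows),
separates C2 name resolution and local multicast noise from telnet scanning,
and flags destinations in multicast/reserved space, which a scanner that does
not exclude those ranges will emit and which no real host can answer from.
"""
import ipaddress
from collections import Counter

# Constructed sample: a subset of rows copied from the report's Network table.
SAMPLE_ROWS = """\
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 byte-main-cnc.n-e.kr udp
AU 118.139.115.205:23 tcp
US 192.102.127.205:23 tcp
N/A 245.165.128.93:23 tcp
DE 53.189.64.202:23 tcp
N/A 234.146.127.200:23 tcp
GB 5.199.14.151:23 tcp
"""

# Address space that is never a valid unicast scan target.
UNROUTABLE = [ipaddress.ip_network("224.0.0.0/4"),   # multicast
              ipaddress.ip_network("240.0.0.0/4")]   # reserved / future use


def parse_rows(text):
    """Parse report rows into dicts; Domain is optional (absent for raw-IP rows)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue  # header, blank or unrecognised line
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_unroutable(ip):
    """True if the address lies in multicast or reserved space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in UNROUTABLE)


def classify(row):
    """Label a row: mdns (local multicast), dns (name resolution), telnet_scan, other."""
    if row["proto"] == "udp" and row["port"] == 5353 and row["ip"] == "224.0.0.251":
        return "mdns"
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns"
    if row["proto"] == "tcp" and row["port"] == 23:
        return "telnet_scan"
    return "other"


def summarize(rows):
    """Per-class counts, resolved names (C2 candidates) and scan targets that cannot exist."""
    counts = Counter(classify(r) for r in rows)
    resolved = sorted({r["domain"] for r in rows if classify(r) == "dns" and r["domain"]})
    scan_ips = [r["ip"] for r in rows if classify(r) == "telnet_scan"]
    unroutable = [ip for ip in scan_ips if is_unroutable(ip)]
    return {
        "counts": dict(counts),
        "resolved_domains": resolved,
        "scan_targets": len(scan_ips),
        "unroutable_scan_targets": unroutable,
        "unroutable_ratio": len(unroutable) / len(scan_ips) if scan_ips else 0.0,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_rows(SAMPLE_ROWS)), indent=2))
```

Run it against the full table (paste all rows into SAMPLE_ROWS) to get the C2 name for blocklisting, the scan-target count for a sense of the sample's scanning rate within the 1 s network window, and the share of targets that fall in unroutable space; a high share is itself a fingerprint of this variant's target generator and a useful feature when hunting for the same scanner in NetFlow data.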

Files

N/A