Malware Analysis Report

2024-11-13 18:03

Sample ID 241109-qyhvbsvjdz
Target dlr.arm7.elf
SHA256 8d6671293b0b9058279182d882b55607dcf3349f8770f5e84c088552212a1140
Tags
mirai lzrd botnet
score
10/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

8d6671293b0b9058279182d882b55607dcf3349f8770f5e84c088552212a1140

Threat Level: Known bad

The file dlr.arm7.elf was found to be: Known bad.

Malicious Activity Summary

mirai lzrd botnet

Mirai

Mirai family

Writes file to tmp directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-09 13:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 13:40

Reported

2024-11-09 13:43

Platform

debian12-armhf-20240221-en

Max time kernel

3s

Max time network

179s

Command Line

[/tmp/dlr.arm7.elf]

Signatures

Mirai

botnet mirai

Mirai family

mirai

Writes file to tmp directory

Description                   Indicator   Process             Target
File opened for modification  /tmp/byte   /tmp/dlr.arm7.elf   N/A

Processes

/tmp/dlr.arm7.elf

[/tmp/dlr.arm7.elf]

Network

Country   Destination          Domain                          Proto
US        154.216.16.127:80    154.216.16.127                  tcp
US        1.1.1.1:53           debian12-armhf-20240221-en-4    udp
US        1.1.1.1:53           debian12-armhf-20240221-en-4    udp
US        1.1.1.1:53           debian12-armhf-20240221-en-4    udp
US        1.1.1.1:53           debian12-armhf-20240221-en-4    udp

Files

/tmp/byte

MD5     b3f80cf126fef93601c6710fc02855b4
SHA1    e36c00033f3c977f7bd8a1dd740885c27ba9581f
SHA256  794fa0280e56a929306cc43b10b1c9f191265868a8fbc3a1ed3f5a905fb65ceb
SHA512  e3f050f2bed368cd0c98e3cfefcdf77bc3975959cd74ed507e835c7b2dffc72a2ea6ffae0af95d5bbfaa3314f545125437ac8ccfd697facbbbeba1d73d60baeb