mirai | 42d27c84a3a02aba8318628d64d95aa3d07823fce641db8cd1b23200398411d5 | Triage

Analysis

max time kernel
0s
max time network
14s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
11-11-2024 10:54

Sharing

Report Analysis Logs

General

Target

42d27c84a3a02aba8318628d64d95aa3d07823fce641db8cd1b23200398411d5.elf
Size

1KB
MD5

f3292014da5ff571426ade8a7a3aa4b6
SHA1

b50c9f825c629673931710f807ae81c4be338020
SHA256

42d27c84a3a02aba8318628d64d95aa3d07823fce641db8cd1b23200398411d5
SHA512

ebf781b9e4fb054e99c2488b808f52361b20821bb27690b832e87136b57a083b8d05a3e18dc4bfe09af0009af3134f2fc73c23a43846b8806c137720c1fd1f11

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

42d27c84a3a02aba8318628d64d95aa3d07823fce641db8cd1b23200398411d5.elf

description	ioc	Process
File opened for modification	/tmp/byte	42d27c84a3a02aba8318628d64d95aa3d07823fce641db8cd1b23200398411d5.elf

/tmp/42d27c84a3a02aba8318628d64d95aa3d07823fce641db8cd1b23200398411d5.elf
/tmp/42d27c84a3a02aba8318628d64d95aa3d07823fce641db8cd1b23200398411d5.elf
1⤵
- Writes file to tmp directory
PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/byte

Filesize
117KB

MD5
90dace050831597345679d7dfbd7d5b0

SHA1
6645cde5ce93d96a5e1e541770f14dc59100f364

SHA256
509a1343fab6dc704c0cb805284df2c7bd17194c487d250dfb9d6291561f981a

SHA512
71cae1e7c7ef3722d7fe325544898316c357fd81f063f867047586315b4170fe886302a672574e65fff937132f0afe233da0481b2da6fe36a14507e8c6212046

Download Submit