mirai | f578eadc26c2b5f4ae22a6ae6634abc8c062e8700ce69b3e43392e329fc874bb | Triage

Analysis

max time kernel
2s
max time network
134s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
13-11-2024 12:17

Sharing

Report Analysis Logs

General

Target

dlr.arm6.elf
Size

1KB
MD5

edd32fabb65a9769cef93d9692e2e25f
SHA1

72457c0b45337f9b5414652a1945d51916dea072
SHA256

f578eadc26c2b5f4ae22a6ae6634abc8c062e8700ce69b3e43392e329fc874bb
SHA512

b60d1b73c4cdd87eddfe780860f0cf28a5985870a0de83988563b1365ce2b1eb22d81960d437b9a76543c2366e7d72e495d92a93c0ef19c48c4bbb9263d3945e

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

dlr.arm6.elf

description	ioc	Process
File opened for modification	/tmp/byte	dlr.arm6.elf

/tmp/dlr.arm6.elf
/tmp/dlr.arm6.elf
1⤵
- Writes file to tmp directory
PID:707

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/byte

Filesize
117KB

MD5
90dace050831597345679d7dfbd7d5b0

SHA1
6645cde5ce93d96a5e1e541770f14dc59100f364

SHA256
509a1343fab6dc704c0cb805284df2c7bd17194c487d250dfb9d6291561f981a

SHA512
71cae1e7c7ef3722d7fe325544898316c357fd81f063f867047586315b4170fe886302a672574e65fff937132f0afe233da0481b2da6fe36a14507e8c6212046

Download Submit