mirai | dedb091ebd4b77f40694fe37f58b72b8347e8ea06f6c4b10d741db28230a2cd9 | Triage

Sharing

General

Target

dedb091ebd4b77f40694fe37f58b72b8347e8ea06f6c4b10d741db28230a2cd9.elf
Size

106KB
Sample

241113-xbac1azrbl
MD5

0ba4d5e0b8979db40263569d0a00e0ea
SHA1

1d123fc6b2f6815946985fa882469e84a29eb8c7
SHA256

dedb091ebd4b77f40694fe37f58b72b8347e8ea06f6c4b10d741db28230a2cd9
SHA512

4d4078481680290e5fa7e00f9b677e12ef2b0bdd40be212f455d0f865233099aa6fce15c9d8a3c298affa492c972b04945165c68a72bb468caa58ffc1e1c756e
SSDEEP

1536:mNK/DoMWrTnIEb9An4SBSBCrGTHdp9Z/+eaz0HN:mNK/MMWrR9bOcHdjckN

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  dedb091ebd4b77f40694fe37f58b72b8347e8ea06f6c4b10d741db28230a2cd9.elf
- Size
  
  106KB
- MD5
  
  0ba4d5e0b8979db40263569d0a00e0ea
- SHA1
  
  1d123fc6b2f6815946985fa882469e84a29eb8c7
- SHA256
  
  dedb091ebd4b77f40694fe37f58b72b8347e8ea06f6c4b10d741db28230a2cd9
- SHA512
  
  4d4078481680290e5fa7e00f9b677e12ef2b0bdd40be212f455d0f865233099aa6fce15c9d8a3c298affa492c972b04945165c68a72bb468caa58ffc1e1c756e
- SSDEEP
  
  1536:mNK/DoMWrTnIEb9An4SBSBCrGTHdp9Z/+eaz0HN:mNK/MMWrR9bOcHdjckN
Score

9^/10

defense_evasion discovery
- Contacts a large (23992) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery