mirai | 6b1f421f74430e6fe2ae022a872e5ecab0c7d8c6554e8f0954c9c27055918e44 | Triage

Sharing

General

Target

0ba4d5e0b8979db40263569d0a00e0ea.bin
Size

38KB
Sample

241114-bc5dwascpe
MD5

486c45a4580c70580fc27ca5f32c3a78
SHA1

1309e120b8cea8ac60dd536efa12ac605d054adb
SHA256

6b1f421f74430e6fe2ae022a872e5ecab0c7d8c6554e8f0954c9c27055918e44
SHA512

976ab76c2590c8700c2ec221a22af00d80cbfb8f668bae0ce65753fa88f587960f568af8e962a897106d678b67ef960ec9f028073e558da7883f89ab650eb069
SSDEEP

768:xHB7rEX8gBgD4+qXlq+vyhKlBKBD2U94PDFjYIvD+b1NyelfxC4YT:xh/EMgG4+KqFAjKBD2U9QjY6+bDpxZYT

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  dedb091ebd4b77f40694fe37f58b72b8347e8ea06f6c4b10d741db28230a2cd9.elf
- Size
  
  106KB
- MD5
  
  0ba4d5e0b8979db40263569d0a00e0ea
- SHA1
  
  1d123fc6b2f6815946985fa882469e84a29eb8c7
- SHA256
  
  dedb091ebd4b77f40694fe37f58b72b8347e8ea06f6c4b10d741db28230a2cd9
- SHA512
  
  4d4078481680290e5fa7e00f9b677e12ef2b0bdd40be212f455d0f865233099aa6fce15c9d8a3c298affa492c972b04945165c68a72bb468caa58ffc1e1c756e
- SSDEEP
  
  1536:mNK/DoMWrTnIEb9An4SBSBCrGTHdp9Z/+eaz0HN:mNK/MMWrR9bOcHdjckN
Score

9^/10

defense_evasion discovery
- Contacts a large (23504) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery