mirai | 7a448d8bf9adcb5c058f512546ab79fc19e9fa0414ead1ce52af59b657f80cf7 | Triage

Sharing

General

Target

1fb69900d79f2d1fa80b89a352a7545a.bin
Size

35KB
Sample

241114-bc995avrgr
MD5

4dd8db19349e551d1662667ab8e79662
SHA1

8bbecdf3332a2ae17fb3e51932d89513484a98b6
SHA256

7a448d8bf9adcb5c058f512546ab79fc19e9fa0414ead1ce52af59b657f80cf7
SHA512

e301d6b68046fadc417c516dd6b05a708b3df9a8f910f2b0f21f33b41f58b9dda17c4a4d806566b24c6d3989165581faee9116fdf2302af7325f3236f3bf0fcb
SSDEEP

768:h7XFu21oiHt7Wn70ffSHRUByKPlimPmW6Z8fuCFcyWq7K4xb:n/7WnIHSq8UwmuW6ZUuCFcyfR

Score

10^/10

mirai lzrd discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  61fa903ce9d7a88e55f1361f706731511fb0647e73b7272fdb90284d2af4a4d5.elf
- Size
  
  73KB
- MD5
  
  1fb69900d79f2d1fa80b89a352a7545a
- SHA1
  
  95d8537b51ba65fb7b97567d2dc7cc04a677e1ab
- SHA256
  
  61fa903ce9d7a88e55f1361f706731511fb0647e73b7272fdb90284d2af4a4d5
- SHA512
  
  1025605866c2334bc1ae4869b292632e5503b420173ca10f51205c7a031dd323641cebcb7ed6f87b51b5227cb2b4a2504125588316342c3d5f9b9df8787d7dc9
- SSDEEP
  
  1536:pWq2VcPy61MQW1RSoM4vn0xR+B7sPOykaL8/qhsA70C6uyK/omCrmA/Srr:LpPyQMQW1RSoPvn0xR+B7sPOykaY/Chj
Score

9^/10

discovery rootkit
- Contacts a large (23998) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit