mirai | 0ac04010c8734fe5478b19f7d22d9b52c29b3f6872f7683cf42de24e94f42639 | Triage

Submit
Reports

Overview

overview

Static

static

5

xd.mips.elf

debian-9-mips

Sharing

General

Target

xd.mips.elf
Size

36KB
Sample

241115-cjz86sxaln
MD5

9296278248405f60ada64caca1ca95fa
SHA1

9188640941dd539dbf33425d5bf41428aa2e414f
SHA256

0ac04010c8734fe5478b19f7d22d9b52c29b3f6872f7683cf42de24e94f42639
SHA512

b3437a16b7698ef2d6f9e4d12dde3bbb7b0f19da211625b30c0d4e68b8938f044a18955757185e26ef2b600ee68c77eb3cd7229be0a4535f5f51f052fdfaddae
SSDEEP

768:M0sYkr9Ov0DCe18ayBA0kVaZLY8vzZJJxJgGlzDpbuR1JK:o9Y0V18a08Oz1VJuI

Score

10^/10

mirai lzrd botnet credential_access defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

xd.mips.elf

Resource

debian9-mipsbe-20240611-en

mirai lzrd botnet credential_access defense_evasion discovery

debian-9-mips

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  xd.mips.elf
- Size
  
  36KB
- MD5
  
  9296278248405f60ada64caca1ca95fa
- SHA1
  
  9188640941dd539dbf33425d5bf41428aa2e414f
- SHA256
  
  0ac04010c8734fe5478b19f7d22d9b52c29b3f6872f7683cf42de24e94f42639
- SHA512
  
  b3437a16b7698ef2d6f9e4d12dde3bbb7b0f19da211625b30c0d4e68b8938f044a18955757185e26ef2b600ee68c77eb3cd7229be0a4535f5f51f052fdfaddae
- SSDEEP
  
  768:M0sYkr9Ov0DCe18ayBA0kVaZLY8vzZJJxJgGlzDpbuR1JK:o9Y0V18a08Oz1VJuI
Score

10^/10

mirai lzrd botnet credential_access defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (20453) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetcredential_accessdefense_evasiondiscovery

© 2018-2025

Terms | Privacy