mirai | e418494cf141c103f0ca8787f67405c35eb73464952c81bc0c1162680b8448de | Triage

Submit
Reports

Overview

overview

Static

static

5

xd.x86.elf

ubuntu-22.04-amd64

Sharing

General

Target

xd.x86.elf
Size

34KB
Sample

241115-cjz86sxape
MD5

2418d9a000b6cbe0ca2cfff5d3609845
SHA1

da877581a3e847d530b8eb01ebb449d9239bd897
SHA256

e418494cf141c103f0ca8787f67405c35eb73464952c81bc0c1162680b8448de
SHA512

08e1547e5d24cda19398521e1af710e5a98ff39e35e8e9809114621755fe0607cc62f5330884a1201d85276a1322686ee0c8f37f4ebf4aa6efdfd5d6afb122f7
SSDEEP

768:Cwpimf3s1PpmFla2VIlpQwBvfo4nUGaTo5yNp0axChRVunbcuyD7UHQRjB:CQimfImja2VypQwvUIipLm3unouy8HyN

Score

10^/10

mirai lzrd botnet credential_access defense_evasion discovery linux upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

xd.x86.elf

Resource

ubuntu2204-amd64-20240611-en

mirai lzrd botnet credential_access defense_evasion discovery

ubuntu-22.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  xd.x86.elf
- Size
  
  34KB
- MD5
  
  2418d9a000b6cbe0ca2cfff5d3609845
- SHA1
  
  da877581a3e847d530b8eb01ebb449d9239bd897
- SHA256
  
  e418494cf141c103f0ca8787f67405c35eb73464952c81bc0c1162680b8448de
- SHA512
  
  08e1547e5d24cda19398521e1af710e5a98ff39e35e8e9809114621755fe0607cc62f5330884a1201d85276a1322686ee0c8f37f4ebf4aa6efdfd5d6afb122f7
- SSDEEP
  
  768:Cwpimf3s1PpmFla2VIlpQwBvfo4nUGaTo5yNp0axChRVunbcuyD7UHQRjB:CQimfImja2VypQwvUIipLm3unouy8HyN
Score

10^/10

mirai lzrd botnet credential_access defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (20612) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads process memory
  Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
  credential_access
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

OS Credential Dumping

Proc Filesystem

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetcredential_accessdefense_evasiondiscovery

© 2018-2024

Terms | Privacy