mirai | c87c43ffbe1736452c78e856544d12e2c0a32872b733ad8bd7ffeee98c1e19a7 | Triage

Analysis

max time kernel
4s
max time network
7s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
15-11-2024 03:00

Sharing

Report Analysis Logs

General

Target

c87c43ffbe1736452c78e856544d12e2c0a32872b733ad8bd7ffeee98c1e19a7.elf
Size

1KB
MD5

50bfcd5178255355bf1c2e70e06d6f22
SHA1

5892057c4fd9af5506983f0428aeaf6490df4d39
SHA256

c87c43ffbe1736452c78e856544d12e2c0a32872b733ad8bd7ffeee98c1e19a7
SHA512

8c4edcd503ca39a66d5c6acfe64b2f0bb10af149478d1098faca7de9048007ad4d70e4dc8f30d664f984c343efa2c1f688751c2fe6958812f183124f96beed13

Score

10^/10

mirai lzrd botnet

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

c87c43ffbe1736452c78e856544d12e2c0a32872b733ad8bd7ffeee98c1e19a7.elf

description	ioc	Process
File opened for modification	/tmp/byte	c87c43ffbe1736452c78e856544d12e2c0a32872b733ad8bd7ffeee98c1e19a7.elf

/tmp/c87c43ffbe1736452c78e856544d12e2c0a32872b733ad8bd7ffeee98c1e19a7.elf
/tmp/c87c43ffbe1736452c78e856544d12e2c0a32872b733ad8bd7ffeee98c1e19a7.elf
1⤵
- Writes file to tmp directory
PID:643

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/byte

Filesize
117KB

MD5
90dace050831597345679d7dfbd7d5b0

SHA1
6645cde5ce93d96a5e1e541770f14dc59100f364

SHA256
509a1343fab6dc704c0cb805284df2c7bd17194c487d250dfb9d6291561f981a

SHA512
71cae1e7c7ef3722d7fe325544898316c357fd81f063f867047586315b4170fe886302a672574e65fff937132f0afe233da0481b2da6fe36a14507e8c6212046

Download Submit