mirai | 23e388945521e3a7758009a6a9ee20272aa485d4f2ba3ea2688a439323c5301c | Triage

Sharing

General

Target

1560-1-0x0000000008048000-0x0000000008056c40-memory.dmp
Size

53KB
Sample

241122-wr9mcsvrby
MD5

c0e02b2e65e175529eed809dfa7d2b06
SHA1

b0abe5227dbc1edf796b91c959ec817e1277a842
SHA256

23e388945521e3a7758009a6a9ee20272aa485d4f2ba3ea2688a439323c5301c
SHA512

ea3be944ddabf00f8a6bb97735ce223f81b8c803631889287b05c7eb9de82d0976f1ba36c4d9b47c30ba0098bd4796bda7aaa16cf8c590f0c115fb8a7a2f25fc
SSDEEP

768:LfYcj17BglTIJ/sITKUEPgK+4CaS7HA691CO1zBAx3/9S2BxP/ZcTqmq16US0sko:bDgIJ/sITaoECaCzuHZYqmG6R5ko

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1560-1-0x0000000008048000-0x0000000008056c40-memory.dmp
- Size
  
  53KB
- MD5
  
  c0e02b2e65e175529eed809dfa7d2b06
- SHA1
  
  b0abe5227dbc1edf796b91c959ec817e1277a842
- SHA256
  
  23e388945521e3a7758009a6a9ee20272aa485d4f2ba3ea2688a439323c5301c
- SHA512
  
  ea3be944ddabf00f8a6bb97735ce223f81b8c803631889287b05c7eb9de82d0976f1ba36c4d9b47c30ba0098bd4796bda7aaa16cf8c590f0c115fb8a7a2f25fc
- SSDEEP
  
  768:LfYcj17BglTIJ/sITKUEPgK+4CaS7HA691CO1zBAx3/9S2BxP/ZcTqmq16US0sko:bDgIJ/sITaoECaCzuHZYqmG6R5ko
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery