Resubmissions

22-11-2024 18:24

241122-w2cqdawjf1 10

22-11-2024 18:13

241122-wt52ys1ngp 10

General

  • Target

    3061714.bin

  • Size

    249KB

  • Sample

    241122-wt52ys1ngp

  • MD5

    038814ff17c4e2f6e286dc858e3c3e38

  • SHA1

    57b63f3ed966b91f2dbc107e87d81201c329671b

  • SHA256

    3bd5be1f538f8cc195dbffd77d01e0c2509c56139a307b72d72d5bdbe2245584

  • SHA512

    5225c9dd4adcaab0547e267c5f207cc89a007268a6c2fe2c3be84d94d08ca92340c3552ac4d59109721224c480cee7a4995a94d1dbe9f3a2e498cef0b1e90e87

  • SSDEEP

    6144:REn8buta+6HwGQJk8a+MrZP6Ffk+figv49e/CKvVA6tnY:RNr2JxahZPl+L8eaKvVAcY

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      3061714.bin

    • Size

      249KB

    • MD5

      038814ff17c4e2f6e286dc858e3c3e38

    • SHA1

      57b63f3ed966b91f2dbc107e87d81201c329671b

    • SHA256

      3bd5be1f538f8cc195dbffd77d01e0c2509c56139a307b72d72d5bdbe2245584

    • SHA512

      5225c9dd4adcaab0547e267c5f207cc89a007268a6c2fe2c3be84d94d08ca92340c3552ac4d59109721224c480cee7a4995a94d1dbe9f3a2e498cef0b1e90e87

    • SSDEEP

      6144:REn8buta+6HwGQJk8a+MrZP6Ffk+figv49e/CKvVA6tnY:RNr2JxahZPl+L8eaKvVAcY

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks