mirai | 476142cd1affb66eae58c085ce7ce443488aa95b485d3b5083b82296045a411b | Triage

Sharing

General

Target

loligang.x86.elf
Size

64KB
Sample

241125-qnyg2aylfs
MD5

1dd1a6834848709dd8632b04ef77b05e
SHA1

bedefbc24e1cbcd4506707306605af0a8d26956c
SHA256

476142cd1affb66eae58c085ce7ce443488aa95b485d3b5083b82296045a411b
SHA512

18d71d4bc1c74d9171385133bdbe9a875c150e61f62db5dedacedd863a14d0064169cebbdd6590fa0c1794527eec20362a4a5126a839a2b7d56996e357901796
SSDEEP

1536:IoRC9170vwHbQXZ5+qXDEuXi90dSW7V/DjObeFt6PuQ4ZQ:PC917iwHbQXZ5+qXA594SWZ/XObeb6G7

Score

10^/10

mirai lzrd discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  loligang.x86.elf
- Size
  
  64KB
- MD5
  
  1dd1a6834848709dd8632b04ef77b05e
- SHA1
  
  bedefbc24e1cbcd4506707306605af0a8d26956c
- SHA256
  
  476142cd1affb66eae58c085ce7ce443488aa95b485d3b5083b82296045a411b
- SHA512
  
  18d71d4bc1c74d9171385133bdbe9a875c150e61f62db5dedacedd863a14d0064169cebbdd6590fa0c1794527eec20362a4a5126a839a2b7d56996e357901796
- SSDEEP
  
  1536:IoRC9170vwHbQXZ5+qXDEuXi90dSW7V/DjObeFt6PuQ4ZQ:PC917iwHbQXZ5+qXA594SWZ/XObeb6G7
Score

9^/10

discovery rootkit
- Contacts a large (20676) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit