mirai | 01d8149251ce5a1ed448d14ff0b2ab9de7865b4a61f00c1d34a1c12c516a9b43 | Triage

Sharing

General

Target

loligang.mpsl.elf
Size

89KB
Sample

241125-qnyg2aylft
MD5

76014e74927608839535a4477d1d0b02
SHA1

43408338777bd092e6b2de48384eca43d9693a40
SHA256

01d8149251ce5a1ed448d14ff0b2ab9de7865b4a61f00c1d34a1c12c516a9b43
SHA512

55a99524fd20565d7d52f7a7b8d774a264a436a42794f26eaaa8d5881c8868434e8ce739ae9b7adc1821982bad7bdafe2842d809a4e38aa3aad3ecc78cc3af76
SSDEEP

1536:ls+GCbhP/fsMS72DwTlo9PhH/RfyHoAYNqWi:W+BbhP672UCAz

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  loligang.mpsl.elf
- Size
  
  89KB
- MD5
  
  76014e74927608839535a4477d1d0b02
- SHA1
  
  43408338777bd092e6b2de48384eca43d9693a40
- SHA256
  
  01d8149251ce5a1ed448d14ff0b2ab9de7865b4a61f00c1d34a1c12c516a9b43
- SHA512
  
  55a99524fd20565d7d52f7a7b8d774a264a436a42794f26eaaa8d5881c8868434e8ce739ae9b7adc1821982bad7bdafe2842d809a4e38aa3aad3ecc78cc3af76
- SSDEEP
  
  1536:ls+GCbhP/fsMS72DwTlo9PhH/RfyHoAYNqWi:W+BbhP672UCAz
Score

8^/10

defense_evasion discovery
- Contacts a large (551) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery