General

  • Target

    476142cd1affb66eae58c085ce7ce443488aa95b485d3b5083b82296045a411b.elf

  • Size

    64KB

  • Sample

    241126-cv4ezawkhm

  • MD5

    1dd1a6834848709dd8632b04ef77b05e

  • SHA1

    bedefbc24e1cbcd4506707306605af0a8d26956c

  • SHA256

    476142cd1affb66eae58c085ce7ce443488aa95b485d3b5083b82296045a411b

  • SHA512

    18d71d4bc1c74d9171385133bdbe9a875c150e61f62db5dedacedd863a14d0064169cebbdd6590fa0c1794527eec20362a4a5126a839a2b7d56996e357901796

  • SSDEEP

    1536:IoRC9170vwHbQXZ5+qXDEuXi90dSW7V/DjObeFt6PuQ4ZQ:PC917iwHbQXZ5+qXA594SWZ/XObeb6G7

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      476142cd1affb66eae58c085ce7ce443488aa95b485d3b5083b82296045a411b.elf

    • Contacts a large (20432) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
