mirai | 4c6c8e440abf92183fe6f69a2623571374a64efdf1509a84f858495bf0ff6621 | Triage

Sharing

General

Target

dvr.sh
Size

1KB
Sample

241127-q8849ssnaq
MD5

ea3e4ce3ad906187d77f71fd511caca5
SHA1

1826d8941b0d1aaa76fdade685e66e31e3732399
SHA256

4c6c8e440abf92183fe6f69a2623571374a64efdf1509a84f858495bf0ff6621
SHA512

e9ac3561d6872982e7647f162635fe522c9abca8ca686d2f4853f62ae099c9b4a9f43076fc8f96ce2fc17d2dc02eb10067d811db34dc039c9a8761457830d9f7

Score

10^/10

mirai lzrd antivm botnet defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  dvr.sh
- Size
  
  1KB
- MD5
  
  ea3e4ce3ad906187d77f71fd511caca5
- SHA1
  
  1826d8941b0d1aaa76fdade685e66e31e3732399
- SHA256
  
  4c6c8e440abf92183fe6f69a2623571374a64efdf1509a84f858495bf0ff6621
- SHA512
  
  e9ac3561d6872982e7647f162635fe522c9abca8ca686d2f4853f62ae099c9b4a9f43076fc8f96ce2fc17d2dc02eb10067d811db34dc039c9a8761457830d9f7
Score

10^/10

mirai lzrd botnet defense_evasion discovery antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (20311) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdefense_evasiondiscovery

behavioral2

mirailzrdantivmbotnetdefense_evasiondiscovery

behavioral3

mirailzrdbotnetdefense_evasiondiscovery

behavioral4

mirailzrdbotnetdefense_evasiondiscovery