Overview

overview

10

Static

static

10

loligang.arm.elf

debian-9-armhf

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loligang.arm.elf

  • Size

    72KB

  • Sample

    241128-svq3msxlbm

  • MD5

    ec6142136efb64f3ce22b244589320fc

  • SHA1

    5b875843504d3f6eeeffe588bd6c80e0bf6c1c7b

  • SHA256

    4bf8f19be359d9fb6cef4e450ce7914e85e3212a0f964849265e8ae73208c2e4

  • SHA512

    e00da5bf6d41e85644f2852c488ff210a4e7be1df2d5e5f436f7df27bdd04902ca302a1bfcaaaf75875b2674b87d2fb1c40d42b94b361761b323d94f34220556

  • SSDEEP

    1536:Q9d4L7PGGnAJ0zh/YmBZkaNjczfDadPhZ2/FkYJeZWdu3vy6M:Q9d4LNJhUFkkwMu3qD

Score
10/10
mirailzrddefense_evasiondiscovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      loligang.arm.elf

    • Size

      72KB

    • MD5

      ec6142136efb64f3ce22b244589320fc

    • SHA1

      5b875843504d3f6eeeffe588bd6c80e0bf6c1c7b

    • SHA256

      4bf8f19be359d9fb6cef4e450ce7914e85e3212a0f964849265e8ae73208c2e4

    • SHA512

      e00da5bf6d41e85644f2852c488ff210a4e7be1df2d5e5f436f7df27bdd04902ca302a1bfcaaaf75875b2674b87d2fb1c40d42b94b361761b323d94f34220556

    • SSDEEP

      1536:Q9d4L7PGGnAJ0zh/YmBZkaNjczfDadPhZ2/FkYJeZWdu3vy6M:Q9d4LNJhUFkkwMu3qD

    Score
    9/10
    defense_evasiondiscovery

    • Contacts a large (20407) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

      discovery

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks