General

  • Target

    loligang.x86.elf

  • Size

    68KB

  • Sample

    241129-jevapatjez

  • MD5

    925d9ba2be0c9060768c5dddab51d914

  • SHA1

    77e238e2321f53ee264fdc85e5a2314c7c28e0e0

  • SHA256

    029cc33763810440e92dd29c71fbd61cde22f8146fb27bdfd0891b66529d4cff

  • SHA512

    f1dc2597394d739932abe6439d3966ed741d82f43b8e60739ba3c9b3d821481d324ace834aa8724ddcc989f4ec5931234cb2554a765fe976c705e374d64659fa

  • SSDEEP

    1536:DHiwVw+q60EUNWRQ7k86NL/gAfh7pSWE/2wQhWrTS/MoAFCA3UVIliggg:ewVw160EUNWRQ7k86N7gQ7pSWE/VSWrq

Malware Config

Extracted

Family

mirai

Botnet

LZRD
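
The family and botnet tag above come from decoding the sample's obfuscated string table. The following is an added example of how such a decoder works; it is not the sandbox's extractor and was not run against this sample. It assumes the encoding from the leaked Mirai source (table.c): every byte is XORed in turn with the four bytes of 0xDEADBEEF, which is equivalent to a single-byte XOR with 0x22, and each entry carries an encoded NUL terminator, so a genuine entry ends with the key byte itself. Variants change the key, so the key is recovered by scoring candidates against plaintext markers the original source is known to contain. The input blob, the botnet string "LZRD" inside it, and the hostname-free marker list are constructed for the demonstration.

```python
"""Recover the single-byte XOR key of a Mirai-style string table and dump
its entries. Added example; not the sandbox's extractor. Assumes the
leaked Mirai source's encoding (table.c), where the rolling 0xDEADBEEF key
collapses to one byte and every entry ends with an encoded NUL."""

# Plaintext strings that the original Mirai source carries in its table
# (table.c / killer.c); variants usually keep several of them.
KNOWN_MARKERS = [b"/proc/", b"/dev/watchdog", b"/bin/busybox", b"listening tun0"]


def mirai_table_key(word: int = 0xDEADBEEF) -> int:
    """Fold the 4-byte rolling key into the single byte it is equivalent to.

    Mirai XORs byte i with key byte (i mod 4), but applies all four in turn
    to every byte, so the net effect is XOR with 0xDE^0xAD^0xBE^0xEF = 0x22.
    """
    k = 0
    for shift in (24, 16, 8, 0):
        k ^= (word >> shift) & 0xFF
    return k


def xor_bytes(data: bytes, key: int) -> bytes:
    """Symmetric single-byte XOR used for both encoding and decoding."""
    return bytes(b ^ key for b in data)


def recover_key(blob: bytes) -> tuple:
    """Try every single-byte key; return (key, marker_hits) for the best one."""
    best_key, best_hits = None, 0
    for key in range(256):
        decoded = xor_bytes(blob, key)
        hits = sum(decoded.count(m) for m in KNOWN_MARKERS)
        if hits > best_hits:
            best_key, best_hits = key, hits
    return best_key, best_hits


def extract_strings(blob: bytes, key: int) -> list:
    """Split the blob at real NULs (C string literal terminators in .rodata)
    and decode each chunk; keep only chunks that end with the key byte,
    i.e. chunks whose encoded NUL terminator survives, which filters out
    most plain data that happens to decode to printable bytes."""
    out = []
    for chunk in blob.split(b"\x00"):
        if len(chunk) < 2 or chunk[-1] != key:
            continue
        plain = xor_bytes(chunk[:-1], key)
        if all(0x20 <= b <= 0x7E for b in plain):
            out.append(plain.decode("ascii"))
    return out


# Constructed input: an ELF-like prefix, five encoded entries, and some
# unencoded text. The entries, including "LZRD", are made up for this demo.
CONSTRUCTED_KEY = mirai_table_key()  # 0x22
CONSTRUCTED_BLOB = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"".join(xor_bytes(s + b"\x00", CONSTRUCTED_KEY) + b"\x00"
               for s in [b"/proc/", b"/dev/watchdog", b"/bin/busybox",
                         b"LZRD", b"listening tun0"])
    + b"plain text, not encoded\x00"
)

if __name__ == "__main__":
    key, hits = recover_key(CONSTRUCTED_BLOB)
    print(f"key=0x{key:02x} marker_hits={hits}")
    for s in extract_strings(CONSTRUCTED_BLOB, key):
        print(repr(s))
```

On a real binary, run `recover_key` over the `.rodata` section rather than the whole file; a marker count of zero means the variant changed its marker strings as well as its key, and the terminator filter alone will then return unencoded-looking junk along with genuine entries.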

Targets

    • Target

      loligang.x86.elf

    Score
    9/10
    • Contacts a large number (20362) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.
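
The three network indicators above (many distinct remote hosts, many flows, DNS-port traffic to hosts other than the configured resolvers) can be reproduced from flow records. The following is an added example of that detection logic, not the sandbox's rule set; it runs over a constructed flow log in which host 10.0.0.5, the resolver 10.0.0.2, the thresholds, and the telnet-style sweep of the 198.18.0.0/15 benchmark range are all assumptions for the demonstration, not observations from this sample.

```python
"""Flag scan-like behaviour and unexpected DNS destinations in flow records.
Added example, not the sandbox's detection rules. The flow log, the
infected host, the resolver address and the thresholds are constructed."""
from collections import Counter, defaultdict
from typing import Iterable, NamedTuple


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str


def distinct_hosts(flows: Iterable[Flow]) -> dict:
    """Map each source to the set of distinct destination hosts it contacted."""
    hosts = defaultdict(set)
    for f in flows:
        hosts[f.src].add(f.dst)
    return hosts


def flow_counts(flows: Iterable[Flow]) -> Counter:
    """Count flows per source (repeat contacts to one host count separately)."""
    return Counter(f.src for f in flows)


def flag_scanners(flows: Iterable[Flow], host_threshold: int = 100,
                  flow_threshold: int = 200) -> dict:
    """Return {src: (distinct_hosts, flows)} for sources exceeding either
    threshold. Both counts are reported so an analyst can tell a sweep of
    many hosts from repeated connections to a few."""
    flows = list(flows)
    hosts = distinct_hosts(flows)
    counts = flow_counts(flows)
    return {
        src: (len(hosts[src]), counts[src])
        for src in counts
        if len(hosts[src]) >= host_threshold or counts[src] >= flow_threshold
    }


def unexpected_dns(flows: Iterable[Flow], resolvers: set) -> list:
    """Return sorted (src, dst) pairs for DNS-port traffic to non-resolvers."""
    return sorted({(f.src, f.dst) for f in flows
                   if f.dport == 53 and f.dst not in resolvers})


# Constructed flow log. 10.0.0.9 is a benign host; 10.0.0.5 plays the
# infected one. Destination addresses use documentation/benchmark ranges.
INFECTED = "10.0.0.5"
RESOLVERS = {"10.0.0.2"}
CONSTRUCTED_FLOWS = [
    Flow("10.0.0.9", "10.0.0.2", 53, "udp"),         # benign DNS lookup
    Flow("10.0.0.9", "203.0.113.10", 443, "tcp"),    # benign HTTPS
    Flow(INFECTED, "10.0.0.2", 53, "udp"),           # expected resolver
    Flow(INFECTED, "198.51.100.53", 53, "udp"),      # DNS to a non-resolver
    Flow(INFECTED, "203.0.113.7", 53, "tcp"),        # DNS to a non-resolver
    Flow(INFECTED, "198.18.0.1", 2323, "tcp"),       # second flow to one host
] + [
    # Port 23 sweep: the leaked Mirai scanner probes telnet, but this sweep
    # is constructed for the demo and not taken from the sample's traffic.
    Flow(INFECTED, f"198.18.{i // 256}.{i % 256}", 23, "tcp")
    for i in range(1, 301)
]

if __name__ == "__main__":
    for src, (n_hosts, n_flows) in flag_scanners(CONSTRUCTED_FLOWS).items():
        print(f"{src}: {n_hosts} distinct hosts, {n_flows} flows")
    for src, dst in unexpected_dns(CONSTRUCTED_FLOWS, RESOLVERS):
        print(f"unexpected DNS destination {src} -> {dst}")
```

The report's figure of 20362 hosts is far beyond any sane per-host threshold, but the thresholds still need tuning per environment: vulnerability scanners, monitoring systems and mail relays legitimately contact many hosts, and a short observation window hides slow scans.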
