General

  • Target

    loligang.arm.elf

  • Size

    77KB

  • Sample

    241129-jlg9psypgn

  • MD5

    2a0946a77d359c822142647a4d524dec

  • SHA1

    332faf26e9d8d30bf10e8d733cb73aa8fdc4377c

  • SHA256

    24be3b0c01c3d1227102e39811330184169556bbeb910e4fe75b3180731d50c1

  • SHA512

    a37c230ff485e6cd7d4f814091c5070835a69ded91fd34d9bf3d22f37ede29e2de95080caa742ba961e25d737d91f74cb8079cb49fb51d7ad26767014931e29d

  • SSDEEP

    1536:zwSvpGztmW1ga/BmP5Q99ss6VPaNY3Sdep5eryJeZWAO32xRM:zwwpX3SEer2whOGx+

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Contacts a large number (19829) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks