mirai | 5c2dd06c819d7ce1964e017b85e0ec3797aece1ba04112963ed5caebd996de27 | Triage

Sharing

General

Target

5c2dd06c819d7ce1964e017b85e0ec3797aece1ba04112963ed5caebd996de27.elf
Size

94KB
Sample

241201-cyhyfaykbr
MD5

c6351af9d2445612c03e7e8cf56fa4da
SHA1

d2b100287ad8ae02e1da96334e8ca8a0f138e667
SHA256

5c2dd06c819d7ce1964e017b85e0ec3797aece1ba04112963ed5caebd996de27
SHA512

0e7529ee8f2b878a1620103586594c733ffd5f3b154da4574a5bd580997b06f94a4cf1867c267e618982704622ec08f7ca9903ab1d76af210a1e08e72f048941
SSDEEP

1536:I6uAjSdc7bRYevFT0vm+z5Xr+NW6m8kvcfQ9cmtHe:q07ZT0ew5GW6m8kvcfGcSHe

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  5c2dd06c819d7ce1964e017b85e0ec3797aece1ba04112963ed5caebd996de27.elf
- Size
  
  94KB
- MD5
  
  c6351af9d2445612c03e7e8cf56fa4da
- SHA1
  
  d2b100287ad8ae02e1da96334e8ca8a0f138e667
- SHA256
  
  5c2dd06c819d7ce1964e017b85e0ec3797aece1ba04112963ed5caebd996de27
- SHA512
  
  0e7529ee8f2b878a1620103586594c733ffd5f3b154da4574a5bd580997b06f94a4cf1867c267e618982704622ec08f7ca9903ab1d76af210a1e08e72f048941
- SSDEEP
  
  1536:I6uAjSdc7bRYevFT0vm+z5Xr+NW6m8kvcfQ9cmtHe:q07ZT0ew5GW6m8kvcfGcSHe
Score

9^/10

defense_evasion discovery
- Contacts a large (20074) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery