mirai | 8fb1da5f0f253439d9c62b8c6325892063e39be086dbd22f5dca6bf4cd51f34a | Triage

Sharing

General

Target

c6351af9d2445612c03e7e8cf56fa4da.bin
Size

31KB
Sample

241202-b619bayjel
MD5

8b50d0e6866e18c54ca9d3233b33d18b
SHA1

6a2337f72bcfbf81ab5b58260648ed37ba6b58b0
SHA256

8fb1da5f0f253439d9c62b8c6325892063e39be086dbd22f5dca6bf4cd51f34a
SHA512

b8eeae014328151211378622d304ab238260caf5f13e6034c9e1391b8c1629546dd409099f8bcc284313d2f1f94fe0793753350e003cb231829b567b2c85afc3
SSDEEP

768:SwradC81a9b1XBkyzvd+5jcRmP/0PbqeeOVaKQgwL:SdBafBkyDdijcRmP/mbqTO36

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  5c2dd06c819d7ce1964e017b85e0ec3797aece1ba04112963ed5caebd996de27.elf
- Size
  
  94KB
- MD5
  
  c6351af9d2445612c03e7e8cf56fa4da
- SHA1
  
  d2b100287ad8ae02e1da96334e8ca8a0f138e667
- SHA256
  
  5c2dd06c819d7ce1964e017b85e0ec3797aece1ba04112963ed5caebd996de27
- SHA512
  
  0e7529ee8f2b878a1620103586594c733ffd5f3b154da4574a5bd580997b06f94a4cf1867c267e618982704622ec08f7ca9903ab1d76af210a1e08e72f048941
- SSDEEP
  
  1536:I6uAjSdc7bRYevFT0vm+z5Xr+NW6m8kvcfQ9cmtHe:q07ZT0ew5GW6m8kvcfGcSHe
Score

9^/10

defense_evasion discovery
- Contacts a large (19692) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery