mirai | c845d69bc40db859c8f1bca255746b71ac59832fccade5495b8fc959ee31b332 | Triage

Submit
Reports

Overview

overview

Static

static

5

b989be97b7...kes118

debian-12-mipsel

Sharing

General

Target

b989be97b721b0ca5b52a8c5cc98171b_JaffaCakes118
Size

31KB
Sample

241202-wx565a1ren
MD5

b989be97b721b0ca5b52a8c5cc98171b
SHA1

de4b2b1d44ff21a355bcdd4c7f0f1b76ccc4c41e
SHA256

c845d69bc40db859c8f1bca255746b71ac59832fccade5495b8fc959ee31b332
SHA512

3162097b273176ad4f2b8adc694d17b7179879d1c9d94e1757474dc8a1f8c9702835b6f6d28ca8507b606f192e7997cb32140d6bcda8801e05af3faccfd82a59
SSDEEP

768:gaE/SE6PLCQWy58+K+3AHK5VokPrm+AAFGiRzWUrXF7qWV:KSPLCtSiK5VokzP3zjTFp

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b989be97b721b0ca5b52a8c5cc98171b_JaffaCakes118

Resource

debian12-mipsel-20240221-en

mirai lzrd botnet defense_evasion discovery

debian-12-mipsel

9 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  b989be97b721b0ca5b52a8c5cc98171b_JaffaCakes118
- Size
  
  31KB
- MD5
  
  b989be97b721b0ca5b52a8c5cc98171b
- SHA1
  
  de4b2b1d44ff21a355bcdd4c7f0f1b76ccc4c41e
- SHA256
  
  c845d69bc40db859c8f1bca255746b71ac59832fccade5495b8fc959ee31b332
- SHA512
  
  3162097b273176ad4f2b8adc694d17b7179879d1c9d94e1757474dc8a1f8c9702835b6f6d28ca8507b606f192e7997cb32140d6bcda8801e05af3faccfd82a59
- SSDEEP
  
  768:gaE/SE6PLCQWy58+K+3AHK5VokPrm+AAFGiRzWUrXF7qWV:KSPLCtSiK5VokzP3zjTFp
Score

10^/10

mirai lzrd botnet defense_evasion discovery
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (19516) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdefense_evasiondiscovery

© 2018-2025

Terms | Privacy