mirai | 64acfe57eae8113ebb6b082535800549dd85dbdbad267f36b2fbdd1c237ba254 | Triage

Submit
Reports

Overview

overview

Static

static

loligang.arm.elf

debian-9-armhf

9

Sharing

General

Target

loligang.arm.elf
Size

70KB
Sample

241212-w5f7zaspe1
MD5

69f8393246954da3aeeaa1e42862abf5
SHA1

9ba3d8c0a9741e8ee756b80810cec07ffd6095ff
SHA256

64acfe57eae8113ebb6b082535800549dd85dbdbad267f36b2fbdd1c237ba254
SHA512

d253bc5346bcc58e38c515c244d5409a2740a667398f8880ac14d58cd484f3af3c34e42e307d337b276946acbf828b6e81d06c867ec62d0b97a6e8f303246f0e
SSDEEP

1536:GbtexU5L9XouIRhb96pUQzXtwavaJ3V8OHxouJeZWDFI8gM:GbtexU0r8QCKw2FbJ

Score

10^/10

mirai lzrd defense_evasion discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

loligang.arm.elf

Resource

debian9-armhf-20240418-en

defense_evasion discovery

debian-9-armhf

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  loligang.arm.elf
- Size
  
  70KB
- MD5
  
  69f8393246954da3aeeaa1e42862abf5
- SHA1
  
  9ba3d8c0a9741e8ee756b80810cec07ffd6095ff
- SHA256
  
  64acfe57eae8113ebb6b082535800549dd85dbdbad267f36b2fbdd1c237ba254
- SHA512
  
  d253bc5346bcc58e38c515c244d5409a2740a667398f8880ac14d58cd484f3af3c34e42e307d337b276946acbf828b6e81d06c867ec62d0b97a6e8f303246f0e
- SSDEEP
  
  1536:GbtexU5L9XouIRhb96pUQzXtwavaJ3V8OHxouJeZWDFI8gM:GbtexU0r8QCKw2FbJ
Score

9^/10

defense_evasion discovery
- Contacts a large (20547) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy