mirai | e84e56612fb7731e1decb4752bd3cc2c48c268c315b9b04923420fa0b4f049cd | Triage

Sharing

General

Target

03016c92a7920fa8c20578aeed9a6bc8.bin
Size

30KB
Sample

241214-bcsebatphm
MD5

1ba37f04947a64ff108ef2b6abdf22a1
SHA1

aeade00426ae9cc3098d09f086cc9b97210e0df7
SHA256

e84e56612fb7731e1decb4752bd3cc2c48c268c315b9b04923420fa0b4f049cd
SHA512

1f864e466ef6379fd2166a8a76aa2aa96ef5d07bf33455c5164777f41333a620b09f8437d824ec91128cda149056e116051979dab6691132524ee96376a0306e
SSDEEP

768:V/AgK1uloYw6KmVxp0BAk2YikeXuMAys5WYLWeOF9:x3/ol6nPCBYYikeXuMNYirF9

Score

10^/10

mirai lzrd discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  7ddcd50e0416e567d5ef8df927f7932324cddbb7991a46d30aadf0d224c422b1.elf
- Size
  
  64KB
- MD5
  
  03016c92a7920fa8c20578aeed9a6bc8
- SHA1
  
  079f4e92cd40e6c6cbeb44e97aa2a5b038cf33e5
- SHA256
  
  7ddcd50e0416e567d5ef8df927f7932324cddbb7991a46d30aadf0d224c422b1
- SHA512
  
  c3db3dc67dedcda41e3d279cb73684cf464c638e2622f5970e9e90b47c0f8e48f2a416d7643713cb5637564bf362dd6e587e252beb8c7f2082ac4424f808ee65
- SSDEEP
  
  1536:IoRC9170vwHbQXZ5+qXDEuXi90dSW7V/DjObeFt6PuQ4Zd:PC917iwHbQXZ5+qXA594SWZ/XObeb6G7
Score

9^/10

discovery rootkit
- Contacts a large (20574) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit