General

  • Target

    loligang.arm7.elf

  • Size

    152KB

  • Sample

    241218-t4tessvndv

  • MD5

    9cd4922472ca9d4c51932f13166e335e

  • SHA1

    c582c682f2f6f70e0101bfe6e2287d42a0599082

  • SHA256

    fea0959d65ea7100e7ce7b536138fa11bb44754b167a4377a2b117da70e422b1

  • SHA512

    73ce8947b7a777d1b1f10d47b7575d4890d7ddfbd259cdf3fd785d778cdfe2e1d89c284742cbd1acd499a982f9ef1d5e9588e99cd8be42f495a2a517d4550072

  • SSDEEP

    3072:ye9bqia5r9J5o9yhpZPH+9mrsplDKZU2QBKXAVanxX+F8JyvIT+hLBA4emlEBDzc:ye9bqia5r97o9yhpZv+9mrsplDKZU2QB

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      loligang.arm7.elf

    • Size

      152KB

    • MD5

      9cd4922472ca9d4c51932f13166e335e

    • SHA1

      c582c682f2f6f70e0101bfe6e2287d42a0599082

    • SHA256

      fea0959d65ea7100e7ce7b536138fa11bb44754b167a4377a2b117da70e422b1

    • SHA512

      73ce8947b7a777d1b1f10d47b7575d4890d7ddfbd259cdf3fd785d778cdfe2e1d89c284742cbd1acd499a982f9ef1d5e9588e99cd8be42f495a2a517d4550072

    • SSDEEP

      3072:ye9bqia5r9J5o9yhpZPH+9mrsplDKZU2QBKXAVanxX+F8JyvIT+hLBA4emlEBDzc:ye9bqia5r97o9yhpZv+9mrsplDKZU2QB

    • Contacts a large (20459) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks