General

  • Target

    loligang.mips.elf

  • Size

    99KB

  • Sample

    241218-t4tesswmdn

  • MD5

    53957c96f05acaa36f778ed595aa4867

  • SHA1

    2fdd210bfb9f7adc116dd85c383b9b6c828081b3

  • SHA256

    05b92b97502325611eb11ed99e259c59b824c62806bcf558c645587ee0bec39b

  • SHA512

    c180af4996bc1bba8d83ec89ff4daa6e41600ded6837f40db7889e3b1e21854a2295881aedc044a271bfa8902f62813a46337d0c5e7d0094a87226ca73da8250

  • SSDEEP

    1536:pegXznytTDLmgKQ29A0v+iRbNxcLPkXK7wYvmG6aa7GBtd9:jiDEA0WKbNx3XK7wYv1jaiBb9

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Contacts a large number (20248) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks