General

  • Target

    loligang.x86.elf

  • Size

    72KB

  • Sample

    241218-vaak9svpfy

  • MD5

    32e0a7bc773f856e4665dad2fc90d628

  • SHA1

    727c774e3d57cdc8a2581c1a6c5cb0ffdc2e4838

  • SHA256

    7952b6f54d1ddfed2359245de196fb3d91e33e280349f566172d96897e54b04b

  • SHA512

    ee04d3d18c7f9ab82b79d17b7a46f20a974b0401769573b8d6a8a94c96e4c75f47c4c66f02a7e2b4aa8bca015a929813398ab5e49245d4bca6aab9fc14fae155

  • SSDEEP

    1536:NW8dQs/nh9adZkrOsDYuY061vDOH3RJTWoV3SW4OB/BQJv4rmoBitQOZDG:Nt/nh9adZsOsDYuY061rgXWKSW3/GheD

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    LZRD

Targets

    • Target

      loligang.x86.elf

    • Score

      9/10

    • Contacts a large (20437) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence
