General

  • Target

    eccfa82d22890f31c64bda17558ee576c473abc0c61fac6f12d5c700c0c903fa.elf

  • Size

    80KB

  • Sample

    241219-e5d9yayrdm

  • MD5

    61372eb1f685b46e37fb9fe63f49aa70

  • SHA1

    b5323ecdc69f3b72aa1cb45252d79a98f4cba916

  • SHA256

    eccfa82d22890f31c64bda17558ee576c473abc0c61fac6f12d5c700c0c903fa

  • SHA512

    c2c9e61d0f1432c0748c2665d4561208ecabec69507739185c3c5682f72af5caad3ccd6a44954993a43c178cf69d5bb9d21b56f12ad173cac2f04a3a9798c047

  • SSDEEP

    1536:k+hcm0sW9T9kgigxITXSLw27maJFrY41idxRva/JeZWbLZprtjYqRZM:TV0sW7ovaxwOLZppcqRm

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      eccfa82d22890f31c64bda17558ee576c473abc0c61fac6f12d5c700c0c903fa.elf

    • Size

      80KB

    • MD5

      61372eb1f685b46e37fb9fe63f49aa70

    • SHA1

      b5323ecdc69f3b72aa1cb45252d79a98f4cba916

    • SHA256

      eccfa82d22890f31c64bda17558ee576c473abc0c61fac6f12d5c700c0c903fa

    • SHA512

      c2c9e61d0f1432c0748c2665d4561208ecabec69507739185c3c5682f72af5caad3ccd6a44954993a43c178cf69d5bb9d21b56f12ad173cac2f04a3a9798c047

    • SSDEEP

      1536:k+hcm0sW9T9kgigxITXSLw27maJFrY41idxRva/JeZWbLZprtjYqRZM:TV0sW7ovaxwOLZppcqRm

    • Contacts a large (20428) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks