General

  • Target

    Space.mpsl.elf

  • Size

    37KB

  • Sample

    241222-r5788s1ngy

  • MD5

    724b0edb0cc682a6915e73732dfe76d2

  • SHA1

    2c89c8aa80714af7b32a9ff6d496d15f1a853be0

  • SHA256

    d6461422ccda6e83050c467ce61a68ad74df816ebcc71eaf8e6a44f2f63164aa

  • SHA512

    112293be1c83445d5f8b4a8e894d324de050d852361f8663a5e00f522b494b0a206ef86030909e60cef7550c22034c6019885ef241b7f758959cb6838d085cf1

  • SSDEEP

    768:0hpGLq2YEQh5q10MxYWt/y/1tgPUcDpTC8tGoUBrWt:kpD2Ynjq10Qt/U89JUW

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      Space.mpsl.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks