General

  • Target

    loligang.arm7.elf

  • Size

    141KB

  • Sample

    241222-xlltsawnbp

  • MD5

    abde533a1866fb17c76ff1edcf5facd1

  • SHA1

    21bd062bb8d518f384ed18ca0f2cef91cffbb5f8

  • SHA256

    ce83c30530762a5dc8832ea605a05d7c411c33d63465ce96cc37b7ef02d4223b

  • SHA512

    d55f6adfa3dd8b543ed972d6562c8f20cbcb0772f3b7dbc125f2dab9183c92f00feee991f75d85d33add31429f077c64e0d87bda4ab4ef18f159e7e6b116dfec

  • SSDEEP

    3072:walgM69pe0QmlTvIUdt9mrsplDKZUQQBKXAVanXX+F8JyvSPhLZ85iBMR6yoC1Qo:walgM69pe0QmlTvI8t9mrsplDKZUQQBt

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      loligang.arm7.elf

    • Size

      141KB

    • MD5

      abde533a1866fb17c76ff1edcf5facd1

    • SHA1

      21bd062bb8d518f384ed18ca0f2cef91cffbb5f8

    • SHA256

      ce83c30530762a5dc8832ea605a05d7c411c33d63465ce96cc37b7ef02d4223b

    • SHA512

      d55f6adfa3dd8b543ed972d6562c8f20cbcb0772f3b7dbc125f2dab9183c92f00feee991f75d85d33add31429f077c64e0d87bda4ab4ef18f159e7e6b116dfec

    • SSDEEP

      3072:walgM69pe0QmlTvIUdt9mrsplDKZUQQBKXAVanXX+F8JyvSPhLZ85iBMR6yoC1Qo:walgM69pe0QmlTvI8t9mrsplDKZUQQBt

    • Contacts a large (20107) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks