mirai | 21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1

Analysis

max time kernel
149s
max time network
147s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
24-12-2024 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
Size

36KB
MD5

2bd66161d02afa8b3891285f7f9cbfdf
SHA1

2ca808e492bf74c2cb8576f72212d3a88a7bd0af
SHA256

21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1
SHA512

8ded171bb4c03ec978b32048f088f167bc7433192befadb074c6cde71e67be934c9878bd5a1c4b42e5bcfac5682f93882df65ac9cfbcf633e8b450b11bda2574
SSDEEP

768:kLR/W7ThZdFW7v2Sv4BB4lA+YVzzHiyCxVwpGtj94/fL+nHRppWx00:kV2zdIT5v4BBH+Ydi76MSjCxpwB

Score

10^/10

mirai lzrd botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for modification	/dev/misc/watchdog	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for modification	/bin/watchdog	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/25/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/110/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/411/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1054/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1088/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1181/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/11/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/82/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/226/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/593/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/788/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1237/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/12/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/638/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1073/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/26/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/98/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/102/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1197/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1232/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1427/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1506/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/6/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/213/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/225/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/414/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/587/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/634/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/732/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1146/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/119/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1161/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/19/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/220/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/451/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/658/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1162/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1173/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/13/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/211/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/585/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1055/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1553/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/99/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1117/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1226/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1230/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1377/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/525/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/92/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/209/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1172/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/15/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/77/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/427/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/609/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/679/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1165/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/1279/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/20/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/227/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/24/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/218/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
File opened for reading	/proc/740/status	21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf

/tmp/21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
/tmp/21d663bd5974d560e377afd55d4ebaa86f82427db24b9f888197d1461bba80d1.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:1565

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads