mirai | eb1b2b0c8f7a26683c92f2ef5cb10087c2f3fd5f01c63f136e1a4f914d12e27e | Triage

Sharing

General

Target

649-1-0x00008000-0x000236c8-memory.dmp
Size

96KB
Sample

241226-1blmta1mdk
MD5

19857ae96002726e3b76fe1a187fc966
SHA1

b725a7a9a4b4f9e9be7d9887b47dc40fd880814b
SHA256

eb1b2b0c8f7a26683c92f2ef5cb10087c2f3fd5f01c63f136e1a4f914d12e27e
SHA512

935dde9430e911d020fc8777795864d125f28180de789be515b0c44c4e39f1ebbe330e32cb5cc3d24f8e2962f2df8896a1236b13594ce16aa02a0d29ebf75ca3
SSDEEP

3072:s2bmltnY4BRae/xGPZ06v/mYp+C9T6Mjr5:XbmltXRae/xGPd/z+cT6Or5

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  649-1-0x00008000-0x000236c8-memory.dmp
- Size
  
  96KB
- MD5
  
  19857ae96002726e3b76fe1a187fc966
- SHA1
  
  b725a7a9a4b4f9e9be7d9887b47dc40fd880814b
- SHA256
  
  eb1b2b0c8f7a26683c92f2ef5cb10087c2f3fd5f01c63f136e1a4f914d12e27e
- SHA512
  
  935dde9430e911d020fc8777795864d125f28180de789be515b0c44c4e39f1ebbe330e32cb5cc3d24f8e2962f2df8896a1236b13594ce16aa02a0d29ebf75ca3
- SSDEEP
  
  3072:s2bmltnY4BRae/xGPZ06v/mYp+C9T6Mjr5:XbmltXRae/xGPd/z+cT6Or5
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery