mirai | 265abb8526fdcf49d6498128101c419b8dfe0a0cbaba8a80618f211e2f2fe32c | Triage

Sharing

General

Target

1397-1-0x0000000008048000-0x000000000805bc08-memory.dmp
Size

76KB
Sample

241226-1wsxmaskh1
MD5

666e765d28b4587e0f84768611a75740
SHA1

b18257297996d1ea377fa2845b5eadc2f28a3c08
SHA256

265abb8526fdcf49d6498128101c419b8dfe0a0cbaba8a80618f211e2f2fe32c
SHA512

1450fd7b3a6520600f0a955b4dd731f8301ce2fb8f8e99b4dd0f10495c93906bf50b6a5a3997ce6247823f2b999af76ae14c8624c28d63914d64013cf05a1220
SSDEEP

1536:/xTlM904jZVzd6kzGoYGiapUN31gRr313kPQ4rm:/xm90OZVz9Z6K9GIgm

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1397-1-0x0000000008048000-0x000000000805bc08-memory.dmp
- Size
  
  76KB
- MD5
  
  666e765d28b4587e0f84768611a75740
- SHA1
  
  b18257297996d1ea377fa2845b5eadc2f28a3c08
- SHA256
  
  265abb8526fdcf49d6498128101c419b8dfe0a0cbaba8a80618f211e2f2fe32c
- SHA512
  
  1450fd7b3a6520600f0a955b4dd731f8301ce2fb8f8e99b4dd0f10495c93906bf50b6a5a3997ce6247823f2b999af76ae14c8624c28d63914d64013cf05a1220
- SSDEEP
  
  1536:/xTlM904jZVzd6kzGoYGiapUN31gRr313kPQ4rm:/xm90OZVz9Z6K9GIgm
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery