mirai | 930aabeaac6a9a8712d354cd4f75995f450fc53308b61d044e03228770dd34ff | Triage

Sharing

General

Target

byte.arm.elf
Size

86KB
Sample

241226-k56l3ssjhq
MD5

23107ac0d75474029f02a56394c28120
SHA1

9b7b5a2aa54769f0dab8ce3f4432985917b7d736
SHA256

930aabeaac6a9a8712d354cd4f75995f450fc53308b61d044e03228770dd34ff
SHA512

73b6c07047d9f585bee87ce2b4f691db2790dce58603e34eeb4fa69da63a1d955b080ce2297135ab6413af48cf3ba3cf83d268213bb77c43c6d37edea4d88f87
SSDEEP

1536:idYcSX1j4q2as9LQjIlaVlkhNY3FPzY2uBteVMwvLvRl61d6KIjW+:idjSXt4qls9xY3F7Y2uUqwR41IjW

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  byte.arm.elf
- Size
  
  86KB
- MD5
  
  23107ac0d75474029f02a56394c28120
- SHA1
  
  9b7b5a2aa54769f0dab8ce3f4432985917b7d736
- SHA256
  
  930aabeaac6a9a8712d354cd4f75995f450fc53308b61d044e03228770dd34ff
- SHA512
  
  73b6c07047d9f585bee87ce2b4f691db2790dce58603e34eeb4fa69da63a1d955b080ce2297135ab6413af48cf3ba3cf83d268213bb77c43c6d37edea4d88f87
- SSDEEP
  
  1536:idYcSX1j4q2as9LQjIlaVlkhNY3FPzY2uBteVMwvLvRl61d6KIjW+:idjSXt4qls9xY3F7Y2uUqwR41IjW
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery