mirai | 395c069f3261763bb3b84b05dfdff88707337d9d56a8170e3487c5b5eec10545 | Triage

Sharing

General

Target

717-1-0x00400000-0x0042ce64-memory.dmp
Size

113KB
Sample

241226-vhwhps1rcj
MD5

bd0d08d03aa4b546359f06a2a466a226
SHA1

f062cd9d7ae886a22facfc1468f343fab0b22883
SHA256

395c069f3261763bb3b84b05dfdff88707337d9d56a8170e3487c5b5eec10545
SHA512

e4d890f12ec986d3bf7ebeb3104600ec43e5aed04a3387f9e1b615d2ee6e87ef4bdf73ac8eb36b174b2e46896c1489222ae00f1579e0bca3b43117eb70a2e688
SSDEEP

3072:OrCjaLg3IbSU07blgrUPu/NRDVFR7VmcFRUFb1lKWxa:OrCjas3ImU07blgrUO2Fb1lKWxa

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  717-1-0x00400000-0x0042ce64-memory.dmp
- Size
  
  113KB
- MD5
  
  bd0d08d03aa4b546359f06a2a466a226
- SHA1
  
  f062cd9d7ae886a22facfc1468f343fab0b22883
- SHA256
  
  395c069f3261763bb3b84b05dfdff88707337d9d56a8170e3487c5b5eec10545
- SHA512
  
  e4d890f12ec986d3bf7ebeb3104600ec43e5aed04a3387f9e1b615d2ee6e87ef4bdf73ac8eb36b174b2e46896c1489222ae00f1579e0bca3b43117eb70a2e688
- SSDEEP
  
  3072:OrCjaLg3IbSU07blgrUPu/NRDVFR7VmcFRUFb1lKWxa:OrCjas3ImU07blgrUO2Fb1lKWxa
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery