mirai | d57749fae6517af8ce473c68c3c2f86cb04eaa0b842ea6ba309d1eedc200336e | Triage

Sharing

General

Target

2766-1-0x0000000000400000-0x000000000060e700-memory.dmp
Size

54KB
Sample

241226-vksjts1qaz
MD5

0eb0b21c7ae6c0084d7b22a4928465f7
SHA1

a99e1bf78f9acece3a445284eb1b49ce13a8ae09
SHA256

d57749fae6517af8ce473c68c3c2f86cb04eaa0b842ea6ba309d1eedc200336e
SHA512

b031ce8f4bfa347616f0d84aa1e8f1bc02265c0936f7c7c87af29b0399ebee8a74c064594c6b61c82857d89d5e4fdd83d815748c3552bb879e59f79ebcf456a1
SSDEEP

1536:7zm4N5hpp6TIuk/icFUnThJy9U5RLDHT/:24HcTvbu9Ub3z/

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  2766-1-0x0000000000400000-0x000000000060e700-memory.dmp
- Size
  
  54KB
- MD5
  
  0eb0b21c7ae6c0084d7b22a4928465f7
- SHA1
  
  a99e1bf78f9acece3a445284eb1b49ce13a8ae09
- SHA256
  
  d57749fae6517af8ce473c68c3c2f86cb04eaa0b842ea6ba309d1eedc200336e
- SHA512
  
  b031ce8f4bfa347616f0d84aa1e8f1bc02265c0936f7c7c87af29b0399ebee8a74c064594c6b61c82857d89d5e4fdd83d815748c3552bb879e59f79ebcf456a1
- SSDEEP
  
  1536:7zm4N5hpp6TIuk/icFUnThJy9U5RLDHT/:24HcTvbu9Ub3z/
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery