mirai | 3c7e5dbd1d76c5c80069f08d50ec5a810ae7b5c80c37367dee2a5d4059ee2486 | Triage

Sharing

General

Target

1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
Size

72KB
Sample

241226-zz5vxszqgn
MD5

c13a112f2e985621fd5ad80d9498ddc0
SHA1

74803360450428dbf42d05ed4953fd36fded4830
SHA256

3c7e5dbd1d76c5c80069f08d50ec5a810ae7b5c80c37367dee2a5d4059ee2486
SHA512

30f2aac94f1c878a3daa8b9cd5bd72bf0539e41424283ae928f6e926fb524bc1bfb0212b79822146e14f9baf45f042e6bba145c6dab5e7286d62852cda063d36
SSDEEP

1536:iMwuGYKLP/5jdYu9W93U2x6cR6hIJPUNg2TPCUX09/YEQB5p:guGfLP/5uu9MPscR6hIhUNRPvk95k5p

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1402-1-0x0000000008048000-0x000000000805db60-memory.dmp
- Size
  
  72KB
- MD5
  
  c13a112f2e985621fd5ad80d9498ddc0
- SHA1
  
  74803360450428dbf42d05ed4953fd36fded4830
- SHA256
  
  3c7e5dbd1d76c5c80069f08d50ec5a810ae7b5c80c37367dee2a5d4059ee2486
- SHA512
  
  30f2aac94f1c878a3daa8b9cd5bd72bf0539e41424283ae928f6e926fb524bc1bfb0212b79822146e14f9baf45f042e6bba145c6dab5e7286d62852cda063d36
- SSDEEP
  
  1536:iMwuGYKLP/5jdYu9W93U2x6cR6hIJPUNg2TPCUX09/YEQB5p:guGfLP/5uu9MPscR6hIhUNRPvk95k5p
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery