mirai | f1347230af8172479a8ea1bbb7dafb0ec06c2cee626652dcf99f279b407d69dd | Triage

Sharing

General

Target

1392-1-0x0000000008048000-0x000000000805bc08-memory.dmp
Size

76KB
Sample

241227-by6ttsxrhl
MD5

47c23a9752d8c184f0c32b5501434566
SHA1

087037943fc79a57b8e8fa83768c0963566a421c
SHA256

f1347230af8172479a8ea1bbb7dafb0ec06c2cee626652dcf99f279b407d69dd
SHA512

407c9397495e9881367cc8cda3a599d7d9c6e5ae20ac7379b75e1b4a8728ce05e79660a0ec5c0633c0c8fe5e4a371414fd0fb7c4b82fdb0014dee91415d82255
SSDEEP

1536:/xTlM904jZVzd6kzGoYGiapUN31gRr313kPQxrm:/xm90OZVz9Z6K9GIlm

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1392-1-0x0000000008048000-0x000000000805bc08-memory.dmp
- Size
  
  76KB
- MD5
  
  47c23a9752d8c184f0c32b5501434566
- SHA1
  
  087037943fc79a57b8e8fa83768c0963566a421c
- SHA256
  
  f1347230af8172479a8ea1bbb7dafb0ec06c2cee626652dcf99f279b407d69dd
- SHA512
  
  407c9397495e9881367cc8cda3a599d7d9c6e5ae20ac7379b75e1b4a8728ce05e79660a0ec5c0633c0c8fe5e4a371414fd0fb7c4b82fdb0014dee91415d82255
- SSDEEP
  
  1536:/xTlM904jZVzd6kzGoYGiapUN31gRr313kPQxrm:/xm90OZVz9Z6K9GIlm
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery