mirai | 11d4fb9d436b062fe923746e55c5287108ca6c0a90ce27b8c8f758a12fb43d00 | Triage

Sharing

General

Target

658-1-0x00008000-0x00027bc8-memory.dmp
Size

84KB
Sample

241227-c4vt7aznet
MD5

e317e6c7ca6b3e67dbc4300cb97c12cc
SHA1

94bebd6617accbc864de79ef7ee6b2d9b2df6bdc
SHA256

11d4fb9d436b062fe923746e55c5287108ca6c0a90ce27b8c8f758a12fb43d00
SHA512

6730c43a413f0b1e2136f8bdd494a3dadd54f1b1f9856458f5c33a8594248d302f2425b1d79e49dc200482b75d98dee0cf142869ec7d4f017668c76c1e8aec74
SSDEEP

1536:sXKXihcQrrmdLaFmzrJwwHKvfJaZJoyYF9Cz+RQnkQjBQ5Gdv2R5:QKXQPSQWr+wHKvRce/F9Cz+6nkQjBQ2i

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  658-1-0x00008000-0x00027bc8-memory.dmp
- Size
  
  84KB
- MD5
  
  e317e6c7ca6b3e67dbc4300cb97c12cc
- SHA1
  
  94bebd6617accbc864de79ef7ee6b2d9b2df6bdc
- SHA256
  
  11d4fb9d436b062fe923746e55c5287108ca6c0a90ce27b8c8f758a12fb43d00
- SHA512
  
  6730c43a413f0b1e2136f8bdd494a3dadd54f1b1f9856458f5c33a8594248d302f2425b1d79e49dc200482b75d98dee0cf142869ec7d4f017668c76c1e8aec74
- SSDEEP
  
  1536:sXKXihcQrrmdLaFmzrJwwHKvfJaZJoyYF9Cz+RQnkQjBQ5Gdv2R5:QKXQPSQWr+wHKvRce/F9Cz+6nkQjBQ2i
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery