mirai | 2a4e7f906c9d04b424108547850b5e07738df94c69ea1fd21664d57561da6edb | Triage

Sharing

General

Target

708-1-0x00400000-0x00451a58-memory.dmp
Size

69KB
Sample

241227-dbhvlazrdp
MD5

959a18d59feafaaa6052258dbc0f72b9
SHA1

e73d71c3bb51702cc5eb3da476ddcbdab57d030b
SHA256

2a4e7f906c9d04b424108547850b5e07738df94c69ea1fd21664d57561da6edb
SHA512

a381d6339216cac6e3a9a66d02e92904ec72758d005f54e0989fab9055a50cdd7797add56ed470a731aedafa0b58509d608246190c51730c41174a50ce73fe70
SSDEEP

768:kZmnnogDILQHYLQHPVVMr4mgYVVMwKykNVVM6r+g/RtrVSYogDOsS5siv5XLatAN:BnN4ZH2SyOyuIq8LMEIUq+cvtpvXzoLe

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  708-1-0x00400000-0x00451a58-memory.dmp
- Size
  
  69KB
- MD5
  
  959a18d59feafaaa6052258dbc0f72b9
- SHA1
  
  e73d71c3bb51702cc5eb3da476ddcbdab57d030b
- SHA256
  
  2a4e7f906c9d04b424108547850b5e07738df94c69ea1fd21664d57561da6edb
- SHA512
  
  a381d6339216cac6e3a9a66d02e92904ec72758d005f54e0989fab9055a50cdd7797add56ed470a731aedafa0b58509d608246190c51730c41174a50ce73fe70
- SSDEEP
  
  768:kZmnnogDILQHYLQHPVVMr4mgYVVMwKykNVVM6r+g/RtrVSYogDOsS5siv5XLatAN:BnN4ZH2SyOyuIq8LMEIUq+cvtpvXzoLe
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery