mirai | 31ef8891a4e27e7fdc4ccaf1db3b7ef70ade0c9648ab80bb06beb4a232ffe3f8 | Triage

Sharing

General

Target

674-1-0x00008000-0x000236c8-memory.dmp
Size

96KB
Sample

241227-ltdbtstpcv
MD5

909c0a3865ba05ba2020f642054bd1d5
SHA1

1b025eb4230fb22a08febbcd25fba84a847d209c
SHA256

31ef8891a4e27e7fdc4ccaf1db3b7ef70ade0c9648ab80bb06beb4a232ffe3f8
SHA512

c9308d4c4a9a48cb83aba2961b240212626a01f68562f2818276ca2528869503d1e904f8fa1e1ff8ef8380c040cc7af9793ab52168af8986bc07a182c8270a21
SSDEEP

3072:e0jlwv74BRae/xGPZ06v/mYp+C9T6MjC5:e0jlwyRae/xGPd/z+cT6OC5

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  674-1-0x00008000-0x000236c8-memory.dmp
- Size
  
  96KB
- MD5
  
  909c0a3865ba05ba2020f642054bd1d5
- SHA1
  
  1b025eb4230fb22a08febbcd25fba84a847d209c
- SHA256
  
  31ef8891a4e27e7fdc4ccaf1db3b7ef70ade0c9648ab80bb06beb4a232ffe3f8
- SHA512
  
  c9308d4c4a9a48cb83aba2961b240212626a01f68562f2818276ca2528869503d1e904f8fa1e1ff8ef8380c040cc7af9793ab52168af8986bc07a182c8270a21
- SSDEEP
  
  3072:e0jlwv74BRae/xGPZ06v/mYp+C9T6MjC5:e0jlwyRae/xGPd/z+cT6OC5
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery