mirai | 8c7203c1f364eb9e64e90af45218eceb0f330aeaf395428e0b110c75769b3a01 | Triage

Sharing

General

Target

1610-1-0x0000000008048000-0x000000000805bc08-memory.dmp
Size

76KB
Sample

241227-rjqr3awmfr
MD5

0862d4cae36f0d7d883b332f62241302
SHA1

a158d31f940265373c4f026307d794f19f316606
SHA256

8c7203c1f364eb9e64e90af45218eceb0f330aeaf395428e0b110c75769b3a01
SHA512

3b6ada2a3f49d091ec0f8de02f79a5c07cd02c503fca92c866140596a50629a03c124fd01364c1d6d10448f913a6103a9aa0fa5551f2d30bdb1ee8011c6fed51
SSDEEP

1536:FpmO4tlM904j3Kd60nGoQm+6JUt31gRr3VXgPgprm:PJ4g90O3KR16K96INm

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1610-1-0x0000000008048000-0x000000000805bc08-memory.dmp
- Size
  
  76KB
- MD5
  
  0862d4cae36f0d7d883b332f62241302
- SHA1
  
  a158d31f940265373c4f026307d794f19f316606
- SHA256
  
  8c7203c1f364eb9e64e90af45218eceb0f330aeaf395428e0b110c75769b3a01
- SHA512
  
  3b6ada2a3f49d091ec0f8de02f79a5c07cd02c503fca92c866140596a50629a03c124fd01364c1d6d10448f913a6103a9aa0fa5551f2d30bdb1ee8011c6fed51
- SSDEEP
  
  1536:FpmO4tlM904j3Kd60nGoQm+6JUt31gRr3VXgPgprm:PJ4g90O3KR16K96INm
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery