mirai | 360b58eeee18ab46f61f3677ad3b08614eac7901ed3e558d5096fc8f4681a427 | Triage

Sharing

General

Target

651-1-0x00008000-0x000236c8-memory.dmp
Size

96KB
Sample

241227-rlb2pawmhj
MD5

80cd510d8d066eac1935550c1ef4cf11
SHA1

2771bac04c4bd5ce4ae321090b3aece0c6e5d4d0
SHA256

360b58eeee18ab46f61f3677ad3b08614eac7901ed3e558d5096fc8f4681a427
SHA512

62a55e4968cb4001e3c9b740fd74aee7c0896e6010b1dea595e9436c1dcfad590728e7c6715c18ae469b52e53b8a8e80701f40c133bb7b6a303ea02a6c9c75c4
SSDEEP

3072:s2bmltnY4BRae/xGPZ06v/mYp+C9T6Mjr5:XbmltXRae/xGPd/z+cT6Or5

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  651-1-0x00008000-0x000236c8-memory.dmp
- Size
  
  96KB
- MD5
  
  80cd510d8d066eac1935550c1ef4cf11
- SHA1
  
  2771bac04c4bd5ce4ae321090b3aece0c6e5d4d0
- SHA256
  
  360b58eeee18ab46f61f3677ad3b08614eac7901ed3e558d5096fc8f4681a427
- SHA512
  
  62a55e4968cb4001e3c9b740fd74aee7c0896e6010b1dea595e9436c1dcfad590728e7c6715c18ae469b52e53b8a8e80701f40c133bb7b6a303ea02a6c9c75c4
- SSDEEP
  
  3072:s2bmltnY4BRae/xGPZ06v/mYp+C9T6Mjr5:XbmltXRae/xGPd/z+cT6Or5
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery