mirai | 507c78d68af86d5cac722485d716aeb6b56ad497b80b5acbb4f72656c8975628 | Triage

Sharing

General

Target

507c78d68af86d5cac722485d716aeb6b56ad497b80b5acbb4f72656c8975628.elf
Size

80KB
Sample

241230-csc51avlhl
MD5

e4c8fd03b5000066b3d9287923cb4633
SHA1

c428c390600b5c97fa0f2a8c2a7f486688a3a3a6
SHA256

507c78d68af86d5cac722485d716aeb6b56ad497b80b5acbb4f72656c8975628
SHA512

5563d2c97ba38bb7cb318dd8f00f7e1042933554edb4a57d3d289b9cdee72a1b246f0739edc9fa4867a919cb1f2f0d68eca119637e92b90ac30939afd8a84e21
SSDEEP

1536:k+hcm0sW9T9kgigxITXSLw27maJFrY41idxRva/JeZWbLZprtjYqRlM:TV0sW7ovaxwOLZppcqRC

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  507c78d68af86d5cac722485d716aeb6b56ad497b80b5acbb4f72656c8975628.elf
- Size
  
  80KB
- MD5
  
  e4c8fd03b5000066b3d9287923cb4633
- SHA1
  
  c428c390600b5c97fa0f2a8c2a7f486688a3a3a6
- SHA256
  
  507c78d68af86d5cac722485d716aeb6b56ad497b80b5acbb4f72656c8975628
- SHA512
  
  5563d2c97ba38bb7cb318dd8f00f7e1042933554edb4a57d3d289b9cdee72a1b246f0739edc9fa4867a919cb1f2f0d68eca119637e92b90ac30939afd8a84e21
- SSDEEP
  
  1536:k+hcm0sW9T9kgigxITXSLw27maJFrY41idxRva/JeZWbLZprtjYqRlM:TV0sW7ovaxwOLZppcqRC
Score

9^/10

defense_evasion discovery
- Contacts a large (19854) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery