mirai | 877ce103b2294bfdbd56a4ddc5e4a000ddc0193100d34dae8336889cd85b83db | Triage

Sharing

General

Target

7899ed04d9194bd0f68f16bf7fa93214.bin
Size

65KB
Sample

250103-bps7dawqam
MD5

b0103e972fee2e83798324942223d8dd
SHA1

dc26739f6a160c6206c8c004734a5d3dee379042
SHA256

877ce103b2294bfdbd56a4ddc5e4a000ddc0193100d34dae8336889cd85b83db
SHA512

8119cf48d1260bba6bb045ae3c2462d587c6a509bc7d9e57dc452bc6cf8c84875b92755b80d6b9b8b1ffe19152609c9c01e1a6907feffe64905808b3b036fc3d
SSDEEP

1536:aM19l1Ogormp9FT95UDiMD9KAHSk+kH+V+TsP8jpF:a63OgzzFTQDhD9KAjeA3

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  e922a38abc64c121d674193dab862396310ee58ae2664785f47c16ceb7158175.elf
- Size
  
  152KB
- MD5
  
  7899ed04d9194bd0f68f16bf7fa93214
- SHA1
  
  b337f65bb5bec90d19546073b8c0eae5e4597865
- SHA256
  
  e922a38abc64c121d674193dab862396310ee58ae2664785f47c16ceb7158175
- SHA512
  
  e7c9c0a90c4ffd06a1131757e559670d36a733a75dd298629e3c5685be497a6b6e7fb4861122bb108bcd829fd02fe0f4b9d95b09ec87a3d39206a23aff147ab8
- SSDEEP
  
  3072:8B/ubqit5P9RVoRyapenH+9mrsplDKZU2QBKXAVanxX+F8JyvrT+hLBA4emlEBDU:8B/ubqit5P9noRyapeH+9mrsplDKZU23
Score

9^/10

defense_evasion discovery
- Contacts a large (20462) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery