mirai | 0798112b08179aa8da810e484f5e12a55556043f3d7bc1cfe9b383b9e8d91c0a | Triage

Sharing

General

Target

656-1-0x00008000-0x000236c8-memory.dmp
Size

96KB
Sample

250103-wd3xnavrez
MD5

856a4e1a439f69d16c1e1d60e7d3ed9c
SHA1

271ca8c48a403916ca1878a39720f482fe55099d
SHA256

0798112b08179aa8da810e484f5e12a55556043f3d7bc1cfe9b383b9e8d91c0a
SHA512

5aaf8d6510b8a6be70202861531051abcc6a15844417fdff66cb94845e9e1a50669c088eff4ed1e737d91aba2133b356b67e2d62afea0aaf328cee11b8de527f
SSDEEP

3072:e0jlwv74BRae/xGPZ06v/mYp+C9T6MjU5:e0jlwyRae/xGPd/z+cT6OU5

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  656-1-0x00008000-0x000236c8-memory.dmp
- Size
  
  96KB
- MD5
  
  856a4e1a439f69d16c1e1d60e7d3ed9c
- SHA1
  
  271ca8c48a403916ca1878a39720f482fe55099d
- SHA256
  
  0798112b08179aa8da810e484f5e12a55556043f3d7bc1cfe9b383b9e8d91c0a
- SHA512
  
  5aaf8d6510b8a6be70202861531051abcc6a15844417fdff66cb94845e9e1a50669c088eff4ed1e737d91aba2133b356b67e2d62afea0aaf328cee11b8de527f
- SSDEEP
  
  3072:e0jlwv74BRae/xGPZ06v/mYp+C9T6MjU5:e0jlwyRae/xGPd/z+cT6OU5
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery