mirai | c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4

Analysis

max time kernel
149s
max time network
7s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
10/01/2025, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
Size

23KB
MD5

5d6258afa5f961b3fa073a1600f092af
SHA1

ecf5abcc547b8f37500e54f28158087c511fdbac
SHA256

c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4
SHA512

c5b305380a3ad2f923d656b3bbe68227be9ba92d55abd665e7b44f2e35380a6967f9d2cb6a5a90e1dec6b300896510adb8c160652cc29f059966d08ad89f2782
SSDEEP

384:YeD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuiCXdTmdtJgGlzDpH7uNj1n:YeD8ZSWvZHZbs1row697qohQvg9GitJ8

Score

10^/10

mirai lzrd botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/misc/watchdog	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for modification	/dev/watchdog	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for modification	/bin/watchdog	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf

Reads runtime system information 21 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/765/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/405/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/667/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/692/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/696/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/698/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/704/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/759/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/654/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/659/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/678/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/697/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/771/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/783/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/691/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/705/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/714/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/668/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/726/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/736/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
File opened for reading	/proc/763/cmdline	c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf

/tmp/c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
/tmp/c02c87dfe25f0bb6160d1a59de44d56fd336caff5fbf7216203c54f4991a38c4.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:701

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...