mirai | 99da84b5f4e7930b77b60b1cf1750fa2f7b12d6b87cc14e555ae8574a03c7d93 | Triage

Sharing

General

Target

1578-1-0x0000000008048000-0x000000000805bc08-memory.dmp
Size

76KB
Sample

250111-ltcqasxrar
MD5

f98d03ce684fd767d86258ab09674bba
SHA1

e42a4c5962d8858e2ec64198bfecae43748be3de
SHA256

99da84b5f4e7930b77b60b1cf1750fa2f7b12d6b87cc14e555ae8574a03c7d93
SHA512

213950a547243bde21f2461952d343a784472332ace531c7ea2ee85a336d7b021bae0d249229cf7ba4315e39fca8b7286a03f057a28c0cf6b4b8ff1268d331bf
SSDEEP

1536:FpmO4tlM904jZVzd6kzGoYGiapUN31gRr313kPgCrm:PJ4g90OZVz9Z6K9GI6m

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1578-1-0x0000000008048000-0x000000000805bc08-memory.dmp
- Size
  
  76KB
- MD5
  
  f98d03ce684fd767d86258ab09674bba
- SHA1
  
  e42a4c5962d8858e2ec64198bfecae43748be3de
- SHA256
  
  99da84b5f4e7930b77b60b1cf1750fa2f7b12d6b87cc14e555ae8574a03c7d93
- SHA512
  
  213950a547243bde21f2461952d343a784472332ace531c7ea2ee85a336d7b021bae0d249229cf7ba4315e39fca8b7286a03f057a28c0cf6b4b8ff1268d331bf
- SSDEEP
  
  1536:FpmO4tlM904jZVzd6kzGoYGiapUN31gRr313kPgCrm:PJ4g90OZVz9Z6K9GI6m
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery