mirai | 133eacb0e4d6397e1bd1b02e7b47bc5c306735795f812034b8bcb33fda4b9183 | Triage

Sharing

General

Target

2441-1-0x0000000000400000-0x0000000000514788-memory.dmp
Size

78KB
Sample

250112-vdzpkasrgm
MD5

85425697cc12413b24d6e678f17cbe21
SHA1

dfcd1c8e4af7072c2a5d069cc57c7b5ab300199c
SHA256

133eacb0e4d6397e1bd1b02e7b47bc5c306735795f812034b8bcb33fda4b9183
SHA512

fcc270a04df21619f3375508cfab88837fee6411c3d1b28af06df13f66611f4ef40fcbde7a558ede071b3440094bf8c8cd971c132325ab7c193c1ed377867127
SSDEEP

1536:+eBrtSIjPBIqOqudbau2wJC8AE4bzW9nsbptQzumpZJxlXxcLDHaEdB:xhtBjPBqqG29GC8P4bzenMYpZJxlXxK7

Score

10^/10

mirai lzrd defense_evasion discovery linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  2441-1-0x0000000000400000-0x0000000000514788-memory.dmp
- Size
  
  78KB
- MD5
  
  85425697cc12413b24d6e678f17cbe21
- SHA1
  
  dfcd1c8e4af7072c2a5d069cc57c7b5ab300199c
- SHA256
  
  133eacb0e4d6397e1bd1b02e7b47bc5c306735795f812034b8bcb33fda4b9183
- SHA512
  
  fcc270a04df21619f3375508cfab88837fee6411c3d1b28af06df13f66611f4ef40fcbde7a558ede071b3440094bf8c8cd971c132325ab7c193c1ed377867127
- SSDEEP
  
  1536:+eBrtSIjPBIqOqudbau2wJC8AE4bzW9nsbptQzumpZJxlXxcLDHaEdB:xhtBjPBqqG29GC8P4bzenMYpZJxlXxK7
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery