mirai | e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d

Analysis

max time kernel
148s
max time network
152s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
14/01/2025, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
Size

36KB
MD5

5872e361c75eb6d934fec4f7ae32dc70
SHA1

6d5c97236ba057e124b51445d49e5df7602fa915
SHA256

e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d
SHA512

c05b6151584da7ba6724ce780287cdf96e26d3489f633e195ac34af21d4ad3d7ca73df53535aed6d9fe01d45b790613d0856d33be05e66c69b571970fa02a448
SSDEEP

768:AwS0nQr9tpJEu0annIBqVqVHmwIHWUFtGtzXKT1oS7tUx0nZG:rOX80VqVi2otGtzXEqMZG

Score

10^/10

mirai lzrd botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for modification	/dev/misc/watchdog	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/bin/watchdog	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for modification	/sbin/watchdog	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/4/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/580/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2489/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/274/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/417/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/14/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/34/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/37/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/792/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/1776/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2557/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/3/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/198/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/771/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2206/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2329/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2345/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2492/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/16/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/47/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/199/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/1108/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2545/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/5/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/51/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/64/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2309/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2310/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/11/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/55/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2145/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2125/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2272/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2495/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2508/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/29/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/36/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/39/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/586/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/587/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/757/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2030/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2035/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/26/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/35/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/49/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2043/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2305/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2757/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/197/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/457/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/509/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/830/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/1056/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/7/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/50/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/188/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2426/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2755/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2137/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2316/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2564/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/2/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
File opened for reading	/proc/745/status	e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf

/tmp/e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
/tmp/e5dd3b3de502814e1bc66d6b3bb3244eb848cb299b85c323586347d939563f1d.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:2819

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...