mirai | f945eed9fb7d1449e69e17404b58b4d2e340ae0efa145c1e4723d4dd9761e0c9 | Triage

Sharing

General

Target

byte.arm.elf
Size

86KB
Sample

250116-f5eq5svqfr
MD5

ee175653fa4eebfd3ab4ece63fb0e0f4
SHA1

f12d031c0d68e8f390babd2b30903d0bc3020f3d
SHA256

f945eed9fb7d1449e69e17404b58b4d2e340ae0efa145c1e4723d4dd9761e0c9
SHA512

908d7f554a7a1df883e8fcbb35957d5d3b87743eb9d1f4b6700fedb2b6277c856e27a375714f3974338658c0f388ebe4f5a163d551f8204408eb91d17b9a1384
SSDEEP

1536:CdYcSX1jQq2aA93QjIlGVlwpRYbhvusiCfyVMwjLvVl61d68IXW+:CdjSXtQqlA9pYbhmsidqEV4vIXW

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  byte.arm.elf
- Size
  
  86KB
- MD5
  
  ee175653fa4eebfd3ab4ece63fb0e0f4
- SHA1
  
  f12d031c0d68e8f390babd2b30903d0bc3020f3d
- SHA256
  
  f945eed9fb7d1449e69e17404b58b4d2e340ae0efa145c1e4723d4dd9761e0c9
- SHA512
  
  908d7f554a7a1df883e8fcbb35957d5d3b87743eb9d1f4b6700fedb2b6277c856e27a375714f3974338658c0f388ebe4f5a163d551f8204408eb91d17b9a1384
- SSDEEP
  
  1536:CdYcSX1jQq2aA93QjIlGVlwpRYbhvusiCfyVMwjLvVl61d68IXW+:CdjSXtQqlA9pYbhmsidqEV4vIXW
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery