mirai | 08966e60ad7d0492609b553f10d39c589d2ab998e7ed566813c32927f059c8c9 | Triage

Sharing

General

Target

byte.arm7.elf
Size

164KB
Sample

250116-g4w5gawnev
MD5

27b71237120975fe15c23d735343e191
SHA1

341fe70abdfba2e2c215a916ee0f32be19d605b3
SHA256

08966e60ad7d0492609b553f10d39c589d2ab998e7ed566813c32927f059c8c9
SHA512

fe3f26f48d9df7c18abd2b48c81fed7113aaee15fdaa3ba6e8590be8d1164dd283238bdf7e2f0f536a28ecf6350d326d34067fc4247491e3ddfa9fe674df78d7
SSDEEP

3072:HUvDiabnHQiS3AalhgyCv/097HjvNMI4vM++ewAM/9lnVao:HUvmabHQAalhgyCHo3NsM++eTM/9ln4o

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  byte.arm7.elf
- Size
  
  164KB
- MD5
  
  27b71237120975fe15c23d735343e191
- SHA1
  
  341fe70abdfba2e2c215a916ee0f32be19d605b3
- SHA256
  
  08966e60ad7d0492609b553f10d39c589d2ab998e7ed566813c32927f059c8c9
- SHA512
  
  fe3f26f48d9df7c18abd2b48c81fed7113aaee15fdaa3ba6e8590be8d1164dd283238bdf7e2f0f536a28ecf6350d326d34067fc4247491e3ddfa9fe674df78d7
- SSDEEP
  
  3072:HUvDiabnHQiS3AalhgyCv/097HjvNMI4vM++ewAM/9lnVao:HUvmabHQAalhgyCHo3NsM++eTM/9ln4o
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery