mirai | e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba

Analysis

max time kernel
149s
max time network
147s
platform
debian-12_armhf
resource
debian12-armhf-20240729-en
resource tags

arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
09/02/2025, 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
Size

45KB
MD5

77271ca5918412d97909b462283bc175
SHA1

59117d95383244f6087c133e7f25842e595a6345
SHA256

e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba
SHA512

c2db6ba6536bf7b547529d9e3b8965582f117e68afb16fabb8a532f9235713cc757a151d023ba896c32262a07e404394109d456d5cd224d4a468ef47daadfafd
SSDEEP

768:wW2myW5zrY3m+KDOtE1XVtnLC6cmqj+aGqKo6pOdF9q3UELMIk9r/e/lQMqtFjUF:P7d5zrY3mVqtiXVtSj+zHROdYLMIO/eT

Score

10^/10

mirai lzrd botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for modification	/dev/misc/watchdog	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for modification	/bin/watchdog	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf

Reads runtime system information 14 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/647/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/700/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/702/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/718/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/self/exe	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/646/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/678/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/682/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/707/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/631/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/695/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/754/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/666/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
File opened for reading	/proc/662/cmdline	e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf

/tmp/e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
/tmp/e0338d72ddc3a51720bf23c24be3e3d218bd8decebfd7b1a2638568a130c56ba.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:703

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...