mirai | caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af

Analysis

max time kernel
147s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/03/2025, 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af.elf
Size

65KB
MD5

a40fe02ba8c29227c2f6d00c6f69cc5b
SHA1

fbdca837baee99cdd3e79bc99d565b9bd875299d
SHA256

caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af
SHA512

70d42b3bb0b1ff699d782b983a4d37decde3eb044695e24d9c909f418b7536c98c7ff1308be778ed88a29a2685e1647ee11bd972eef9e3d5c197945ced1cd3d7
SSDEEP

1536:/XTglmJ5fEi/RRBVWyiW2BEKRLXUaLGQgb4SZq+GgPm/bj:/XTjai5RBVGJRLkYSZb+j

Score

10^/10

mirai lzrd botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai
Contacts a large (23111) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af.elf
File opened for modification	/dev/misc/watchdog	caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af.elf

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/exe	caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af.elf

/tmp/caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af.elf
/tmp/caa05c54d704815ce46b9a1725b56a1dad22b76f26fcf2f19922167e175346af.elf
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads