mirai | f314e44355fb6223f983003be1c4f5c87d9d292da42530acf6773e7614d1f43b

Analysis

max time kernel
149s
max time network
10s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
11/03/2025, 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
Size

24KB
MD5

7587429952db47375917dd13565a48a2
SHA1

5a1c60eb2e1b53bcf88b53127566259f95e77bf0
SHA256

f314e44355fb6223f983003be1c4f5c87d9d292da42530acf6773e7614d1f43b
SHA512

5a4f5c3e7c323cd7baa843107bc0e6fd763d52e5600322ca5b1b7a422c0071e0ae556cf2b4f2084be45707752968c1bd6d5efe4ca0f50f16d87ee2540e07b593
SSDEEP

384:vGHaMZJXgL3wX2DilMWLcoU/288Wkw3gXxdg8JhT9if0Fgel51WdabRWGVCz0NvM:S5JgL3wXJq4rXkmhCVel51IaFWp

Score

10^/10

mirai lzrd botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for modification	/dev/misc/watchdog	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for modification	/bin/watchdog	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf

Reads runtime system information 25 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/697/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/722/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/736/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/644/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/654/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/669/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/683/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/687/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/737/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/744/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/760/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/718/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/751/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/755/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/783/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/648/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/694/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/763/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/775/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/776/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/653/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/682/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/688/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/689/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
File opened for reading	/proc/696/cmdline	193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf

/tmp/193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
/tmp/193.46.217.52-boatnet.mpsl-2025-03-10T075026.elf
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
- Reads runtime system information
PID:691

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...