mirai | 084e43a2bbee59249d8b909357b8e6806c38e1fa203ffe0ac2c2cc8f5a361ab8

Analysis

max time kernel
149s
max time network
153s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20250307-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
12/03/2025, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

morte.x64.elf
Size

45KB
MD5

466984eb01c2a2a4698c0247c6d0b7d1
SHA1

e9faa24bae697faffdc1225c269630809f5021ef
SHA256

084e43a2bbee59249d8b909357b8e6806c38e1fa203ffe0ac2c2cc8f5a361ab8
SHA512

1a53e57478516f619f9b39b3bd7064e4b67145bf9a98cf6e595219bcaec6118c292df1c92f37d8f7d1b903c430bb27470f103fc22b1732792331470869a7877b
SSDEEP

768:r3n0J8LBJoIdxsWYp2MgE+eRIkox70o7iVbY1+Vy58JwtuFD0lBvd1CFeqx062n:bn0OLrkW02vE+UIP10rYpID0Dd1CHxO

Score

10^/10

mirai lzrd botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	morte.x64.elf
File opened for modification	/dev/misc/watchdog	morte.x64.elf

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

/tmp/morte.x64.elf
/tmp/morte.x64.elf
1⤵
- Modifies Watchdog functionality
PID:1562

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...