mirai | 88573b0d51fab30e51d21dd9fb23541fe371f6604317d0bc3d5a71a7e3b6ba36

Analysis

max time kernel
133s
max time network
152s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20250307-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
12/03/2025, 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

morte.x64.elf
Size

46KB
MD5

0e1a6e4b683d30c8cf86c7322dec3e2c
SHA1

b0ed1d1ef04117b75ed1f6a15528302cf84b661c
SHA256

88573b0d51fab30e51d21dd9fb23541fe371f6604317d0bc3d5a71a7e3b6ba36
SHA512

5c210558436090feda18debce0078894309eb6c338e9f4230bfc581fad909f5909e4a741e8c2b00d073d3b48e1a46a935213c2a8a888264457ba9763e8c2b933
SSDEEP

768:1DepiPCCC1Uuj0PbCSVuW4Pkz6HZcxMTaYElk1q5+2irO9IwyZOdV5gJQzdmAF0Q:VKUuj0zC7Hb5cxMwki5irO2P2qJ8MAuQ

Score

10^/10

mirai lzrd botnet defense_evasion

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	morte.x64.elf
File opened for modification	/dev/misc/watchdog	morte.x64.elf

/tmp/morte.x64.elf
/tmp/morte.x64.elf
1⤵
- Modifies Watchdog functionality
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...