mirai | 602a80e51058610e9331fb3dbfd38019de6900909d4922288ee95ba543569cf1 | Triage

Sharing

General

Target

boatnet.arm.elf
Size

56KB
Sample

250331-kfdj1awsaz
MD5

65aabc3a3cc4964dc92f541cfdba140e
SHA1

5be2b4005e07af1da2d3da65eb8af56d1f68b2df
SHA256

602a80e51058610e9331fb3dbfd38019de6900909d4922288ee95ba543569cf1
SHA512

834f96cc779cc3342685c4a047efe403562183af37068cc8a2ffa0af56c152f6420f37d91e4826e393d6fde1b3ddd55c0b678408d082941c49e0295a123aa162
SSDEEP

768:kwocGsPISyQH0trL3qCPhpGH0aE+ZQStAwpd2GLienQO9/3P1mA2EDEy0eYjW9Ti:McG9L3Z5pGmWRAwd2Uiac8Uz1O8

Score

10^/10

mirai lzrd defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.arm.elf
- Size
  
  56KB
- MD5
  
  65aabc3a3cc4964dc92f541cfdba140e
- SHA1
  
  5be2b4005e07af1da2d3da65eb8af56d1f68b2df
- SHA256
  
  602a80e51058610e9331fb3dbfd38019de6900909d4922288ee95ba543569cf1
- SHA512
  
  834f96cc779cc3342685c4a047efe403562183af37068cc8a2ffa0af56c152f6420f37d91e4826e393d6fde1b3ddd55c0b678408d082941c49e0295a123aa162
- SSDEEP
  
  768:kwocGsPISyQH0trL3qCPhpGH0aE+ZQStAwpd2GLienQO9/3P1mA2EDEy0eYjW9Ti:McG9L3Z5pGmWRAwd2Uiac8Uz1O8
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery