mirai | 90728bd611fabdf5cc248fd60647dce89d910c0674cc7062aa4a752b8b51b0fb | Triage

Sharing

General

Target

27164791e2edcd3914c6d46c73891084.elf
Size

45KB
Sample

230426-k6rjjsac6t
MD5

27164791e2edcd3914c6d46c73891084
SHA1

f9552b7cf1c905668ab35242310986ce67a82c3b
SHA256

90728bd611fabdf5cc248fd60647dce89d910c0674cc7062aa4a752b8b51b0fb
SHA512

59d5635103065e750a17ee7f3568982162207b2853c6c2ad760b1fddce98fe0257b8dbc25c00ed28ae4d896e874800ce1f2d9194a66912b2b99988678d33b1e9
SSDEEP

768:D/TYCoIxdEk+AxoTZAZHFeq8b3rmq9q3UELbUXfi6nVMQHI4vcGpvb:DECFd+A6YHAxyfLRQZb

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  27164791e2edcd3914c6d46c73891084.elf
- Size
  
  45KB
- MD5
  
  27164791e2edcd3914c6d46c73891084
- SHA1
  
  f9552b7cf1c905668ab35242310986ce67a82c3b
- SHA256
  
  90728bd611fabdf5cc248fd60647dce89d910c0674cc7062aa4a752b8b51b0fb
- SHA512
  
  59d5635103065e750a17ee7f3568982162207b2853c6c2ad760b1fddce98fe0257b8dbc25c00ed28ae4d896e874800ce1f2d9194a66912b2b99988678d33b1e9
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b3rmq9q3UELbUXfi6nVMQHI4vcGpvb:DECFd+A6YHAxyfLRQZb
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet