General

  • Target: boatnet.arm7.elf
  • Size: 45KB
  • Sample: 230428-1qgmeage87
  • MD5: 20286dd74e25e3ec08cd217edfbe4989
  • SHA1: cfb42393fb73ca0c22dbc7723eeaafbee54c2c46
  • SHA256: 37a71bbedf74dfc58178546cb3b07b989ebb71edf686c34331c9d4280532fbd0
  • SHA512: 711e724b17941637a2f15dd48cbd1fe6e68e9bec93a84eb85cfa3844d59677c836ec5a70ca6c6114a04d9cf6a778c47dd88ee4371a935f9b945659b581383cec
  • SSDEEP: 768:g/TYCoIxdEk+AxoTZAZHFeq8b3UN9q3UELbUXfi6nVMQHI4vcGpvy:gECFd+A6YHAxUgLRQZy

Score: 10/10

Malware Config

Extracted

  • Family: mirai
  • Botnet: LZRD

Targets

    • Target: boatnet.arm7.elf
    • Size: 45KB
    • Score: 10/10
    • Mirai

      Mirai is a prevalent Linux malware family that infects exposed network devices.

    • Modifies the Watchdog daemon

      Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                Count  ID
  Persistence            Hijack Execution Flow    1      T1574
  Privilege Escalation   Hijack Execution Flow    1      T1574
  Defense Evasion        Impair Defenses          1      T1562
  Defense Evasion        Hijack Execution Flow    1      T1574
