mirai | df6a306e61b235e80958d2551dff17bfed2c4b2b31e41f35b957bf914034718e | Triage

Sharing

General

Target

boatnet.arm7.elf
Size

45KB
Sample

230428-lvg2eadb53
MD5

d1d40d99bd650d6ccd1c37499402f7f2
SHA1

8e81d6794b6c9af974c2f3f636adda4de0d83003
SHA256

df6a306e61b235e80958d2551dff17bfed2c4b2b31e41f35b957bf914034718e
SHA512

8e5097350f54305a3341d28cfea86c5c41b36d6259754e1538c24742be0e4a97b5a412599a5f6b72d7bac6c0257f024e7cad8d9384c903e8874baf2e9f546715
SSDEEP

768:b2rEN+7/U3R19Zw4wrDnvdi9q3UELJqqlpf/zAaD4stZGByRE:af7+T9in1LJnlpHzDD4DSE

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.arm7.elf
- Size
  
  45KB
- MD5
  
  d1d40d99bd650d6ccd1c37499402f7f2
- SHA1
  
  8e81d6794b6c9af974c2f3f636adda4de0d83003
- SHA256
  
  df6a306e61b235e80958d2551dff17bfed2c4b2b31e41f35b957bf914034718e
- SHA512
  
  8e5097350f54305a3341d28cfea86c5c41b36d6259754e1538c24742be0e4a97b5a412599a5f6b72d7bac6c0257f024e7cad8d9384c903e8874baf2e9f546715
- SSDEEP
  
  768:b2rEN+7/U3R19Zw4wrDnvdi9q3UELJqqlpf/zAaD4stZGByRE:af7+T9in1LJnlpHzDD4DSE
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet