mirai | 7247c19c644828b02c57590cad8fe8ee10a979f116a0a9586376870520b63fbc | Triage

Sharing

General

Target

9a4da5796b255a05116408f62bf87a33.elf
Size

45KB
Sample

230428-md8ngadc57
MD5

9a4da5796b255a05116408f62bf87a33
SHA1

fb15652d55a231f3665946fd8065f3f6a44b19d1
SHA256

7247c19c644828b02c57590cad8fe8ee10a979f116a0a9586376870520b63fbc
SHA512

b724e4bb1a49ac32ab55f59474edc214a814b60da393ad2f3e734cb2dce47a909a318393a823c9f57cc51b0b31514cb12b6932745abdfa4cbcce9e4a677bcaf8
SSDEEP

768:S/TYCoIxdEk+AxoTZAZHFeq8b3m9q3UELbUXfi6nVMQHI4vcGpvp:SECFd+A6YHAxLLRQZp

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  9a4da5796b255a05116408f62bf87a33.elf
- Size
  
  45KB
- MD5
  
  9a4da5796b255a05116408f62bf87a33
- SHA1
  
  fb15652d55a231f3665946fd8065f3f6a44b19d1
- SHA256
  
  7247c19c644828b02c57590cad8fe8ee10a979f116a0a9586376870520b63fbc
- SHA512
  
  b724e4bb1a49ac32ab55f59474edc214a814b60da393ad2f3e734cb2dce47a909a318393a823c9f57cc51b0b31514cb12b6932745abdfa4cbcce9e4a677bcaf8
- SSDEEP
  
  768:S/TYCoIxdEk+AxoTZAZHFeq8b3m9q3UELbUXfi6nVMQHI4vcGpvp:SECFd+A6YHAxLLRQZp
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet