mirai | 1959c79da29d0fcd62def10093b2779207807816a03d1f692103a5e229790041 | Triage

Sharing

General

Target

55be85fdeb27db1de859b7cdb82e5f60.elf
Size

20KB
Sample

230428-mdncjadc55
MD5

55be85fdeb27db1de859b7cdb82e5f60
SHA1

811c8028645e361a0b95d59086c6bad65c2fea7f
SHA256

1959c79da29d0fcd62def10093b2779207807816a03d1f692103a5e229790041
SHA512

969860117f49ed8b7b91d6d93a31d417e259066f4d81f7ecb84f65c15ed1102d99f37467ede47fc0a658b81be6243ef35cd4c31f9c6ce2883dcaea675460ff0a
SSDEEP

384:Mg4Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKh:M98o08kxofBE+ZkXaqGbp2F2TWul0c58

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  55be85fdeb27db1de859b7cdb82e5f60.elf
- Size
  
  20KB
- MD5
  
  55be85fdeb27db1de859b7cdb82e5f60
- SHA1
  
  811c8028645e361a0b95d59086c6bad65c2fea7f
- SHA256
  
  1959c79da29d0fcd62def10093b2779207807816a03d1f692103a5e229790041
- SHA512
  
  969860117f49ed8b7b91d6d93a31d417e259066f4d81f7ecb84f65c15ed1102d99f37467ede47fc0a658b81be6243ef35cd4c31f9c6ce2883dcaea675460ff0a
- SSDEEP
  
  384:Mg4Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKh:M98o08kxofBE+ZkXaqGbp2F2TWul0c58
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet