mirai | 108c97e2ec6cfb3f66a206be5e8fd4a992599958ca17f8ee09170b736ad54b1e | Triage

Sharing

General

Target

20286dd74e25e3ec08cd217edfbe4989.bin
Size

45KB
Sample

230430-bgkv2aef81
MD5

c4484a56288a56e51b3e3bd4d591a7f7
SHA1

4b2b28aae3e324ce1bc29fbe41dc562b0d9e4ca0
SHA256

108c97e2ec6cfb3f66a206be5e8fd4a992599958ca17f8ee09170b736ad54b1e
SHA512

e713172ef6af7e3a65179cb52b3650cb7c338707f4cc0d0db11f8a5e3af95f86157a7d6671046ae4f89879ef272c484988df617905c4641cdea89dfa3ebe6889
SSDEEP

768:mZXXUhnx3gGlwmERpudW5XHkmH9+cDdxPu6JyWZw1ZEQbwZ75PKyMAq5P1ReRW3:QXuD1yYdW50m9nDXG6DioZ78WqTRew3

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  37a71bbedf74dfc58178546cb3b07b989ebb71edf686c34331c9d4280532fbd0.elf
- Size
  
  45KB
- MD5
  
  20286dd74e25e3ec08cd217edfbe4989
- SHA1
  
  cfb42393fb73ca0c22dbc7723eeaafbee54c2c46
- SHA256
  
  37a71bbedf74dfc58178546cb3b07b989ebb71edf686c34331c9d4280532fbd0
- SHA512
  
  711e724b17941637a2f15dd48cbd1fe6e68e9bec93a84eb85cfa3844d59677c836ec5a70ca6c6114a04d9cf6a778c47dd88ee4371a935f9b945659b581383cec
- SSDEEP
  
  768:g/TYCoIxdEk+AxoTZAZHFeq8b3UN9q3UELbUXfi6nVMQHI4vcGpvy:gECFd+A6YHAxUgLRQZy
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet