mirai | 27304700dc53d71505aa6d32165fe6142f3e6173effcd08a84255a3eae40788e | Triage

Submit
Reports

Overview

overview

Static

static

1

D.sh

ubuntu-18.04-amd64

D.sh

debian-9-armhf

D.sh

debian-9-mips

D.sh

debian-9-mipsel

Sharing

General

Target

D.sh
Size

1KB
Sample

230430-p9d5vahg33
MD5

e41b9523a8373b79498bef2473723adf
SHA1

bd468f9718ef86d34c88552dd01464f85e8e2ee5
SHA256

27304700dc53d71505aa6d32165fe6142f3e6173effcd08a84255a3eae40788e
SHA512

0b933fcf0f8a24ffd62431f47469529fce2170307777a632d74af893902af3ba60a14076a74874354c7667b39e5ebf37a2f6f1e9d145599d22c2fbbb03f31476

Score

10^/10

mirai lzrd botnet linux upx

Static task

static1

Behavioral task

behavioral1

Sample

D.sh

Resource

ubuntu1804-amd64-en-20211208

mirai lzrd botnet upx

ubuntu-18.04-amd64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

D.sh

Resource

debian9-armhf-20221111-en

mirai lzrd botnet upx

debian-9-armhf

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

D.sh

Resource

debian9-mipsbe-en-20211208

mirai lzrd botnet upx

debian-9-mips

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

D.sh

Resource

debian9-mipsel-20221111-en

mirai lzrd botnet upx

debian-9-mipsel

7 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  D.sh
- Size
  
  1KB
- MD5
  
  e41b9523a8373b79498bef2473723adf
- SHA1
  
  bd468f9718ef86d34c88552dd01464f85e8e2ee5
- SHA256
  
  27304700dc53d71505aa6d32165fe6142f3e6173effcd08a84255a3eae40788e
- SHA512
  
  0b933fcf0f8a24ffd62431f47469529fce2170307777a632d74af893902af3ba60a14076a74874354c7667b39e5ebf37a2f6f1e9d145599d22c2fbbb03f31476
Score

10^/10

mirai lzrd botnet upx
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnetupx

behavioral2

mirailzrdbotnetupx

behavioral3

mirailzrdbotnetupx

behavioral4

mirailzrdbotnetupx

© 2018-2024

Terms | Privacy