mirai | f72dfa341e1a506fc65f3d54ed468f0936821b3ced96b939e4dfa70e72a0b5b0 | Triage

Sharing

General

Target

b720ec91e848d30018a293a31146e667.elf
Size

22KB
Sample

230430-sefa7saa75
MD5

b720ec91e848d30018a293a31146e667
SHA1

a5a1ecbfad63853864cf7dce070a23c63c9a35aa
SHA256

f72dfa341e1a506fc65f3d54ed468f0936821b3ced96b939e4dfa70e72a0b5b0
SHA512

c928a54af1a1f8be5c55869b90a14718326900219c4453ce286fec566d4f2183ab84e178bbaf44fa9266a2ba558996dc2d328ce38ba150bfad1775713affda72
SSDEEP

384:pDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chiM4HhBJhpExUC03uhHB3QJmRxkmcX:pDZ5Dw7RjFjcU+O24sDS4HhrhpEguX34

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  b720ec91e848d30018a293a31146e667.elf
- Size
  
  22KB
- MD5
  
  b720ec91e848d30018a293a31146e667
- SHA1
  
  a5a1ecbfad63853864cf7dce070a23c63c9a35aa
- SHA256
  
  f72dfa341e1a506fc65f3d54ed468f0936821b3ced96b939e4dfa70e72a0b5b0
- SHA512
  
  c928a54af1a1f8be5c55869b90a14718326900219c4453ce286fec566d4f2183ab84e178bbaf44fa9266a2ba558996dc2d328ce38ba150bfad1775713affda72
- SSDEEP
  
  384:pDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chiM4HhBJhpExUC03uhHB3QJmRxkmcX:pDZ5Dw7RjFjcU+O24sDS4HhrhpEguX34
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet