mirai | b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84 | Triage

Sharing

General

Target

cb2df9012745f73517df82dbdb8b6701.elf
Size

45KB
Sample

230506-fzt9msad8z
MD5

cb2df9012745f73517df82dbdb8b6701
SHA1

9c89db61e4d8839f3dd36ddf47900b8c7f5a926a
SHA256

b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84
SHA512

86b50fb011c279c58ffe43b768e56439f21e46b7da214fe537f6e6b34b50edd511608af8d2fb6e164b148ddacfb75659b89cc9f7ba1a0925dfab50b0d5b09017
SSDEEP

768:D/TYCoIxdEk+AxoTZAZHFeq8b3z9q3UELbUXfi6nVMQHI4vcGpvJ:DECFd+A6YHAxyLRQZJ

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  cb2df9012745f73517df82dbdb8b6701.elf
- Size
  
  45KB
- MD5
  
  cb2df9012745f73517df82dbdb8b6701
- SHA1
  
  9c89db61e4d8839f3dd36ddf47900b8c7f5a926a
- SHA256
  
  b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84
- SHA512
  
  86b50fb011c279c58ffe43b768e56439f21e46b7da214fe537f6e6b34b50edd511608af8d2fb6e164b148ddacfb75659b89cc9f7ba1a0925dfab50b0d5b09017
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b3z9q3UELbUXfi6nVMQHI4vcGpvJ:DECFd+A6YHAxyLRQZJ
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet