mirai | e672d299b066eaf0b862b423b8ffb1ea5703b56f09868228da8e0e753f635dc4 | Triage

Sharing

General

Target

boatnet.x86_64.elf
Size

22KB
Sample

230507-pxw5wsgd9v
MD5

e93221da4f7ec791295abbae87b8360b
SHA1

336fec8c1988fc79adf4d6e410834e7ce3b655e1
SHA256

e672d299b066eaf0b862b423b8ffb1ea5703b56f09868228da8e0e753f635dc4
SHA512

ae593c333db159c712abf1f5fca7376da11c83799d6341c87ffc2c5cc43a75fe963e2b69b87223fcdec7fc906a3aa671c1d1370b161179f1c4e56555c19edf7e
SSDEEP

384:TDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chNuHfmmcb4/N7KbxTKqNXcuiFqcJr:TDZ5Dw7RjFjcU+O24sDOuuE/Nmbx+qNm

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.x86_64.elf
- Size
  
  22KB
- MD5
  
  e93221da4f7ec791295abbae87b8360b
- SHA1
  
  336fec8c1988fc79adf4d6e410834e7ce3b655e1
- SHA256
  
  e672d299b066eaf0b862b423b8ffb1ea5703b56f09868228da8e0e753f635dc4
- SHA512
  
  ae593c333db159c712abf1f5fca7376da11c83799d6341c87ffc2c5cc43a75fe963e2b69b87223fcdec7fc906a3aa671c1d1370b161179f1c4e56555c19edf7e
- SSDEEP
  
  384:TDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chNuHfmmcb4/N7KbxTKqNXcuiFqcJr:TDZ5Dw7RjFjcU+O24sDOuuE/Nmbx+qNm
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet