mirai | 8da9b0e531b49da1d4fd367ac6b1c4dde44f6e9f63973cc3adbaec20c5638f1e | Triage

Sharing

General

Target

cb2df9012745f73517df82dbdb8b6701.bin
Size

45KB
Sample

230508-b9lb9sge74
MD5

8329a2338fba50910dfe3d0066af2400
SHA1

6d92628317bf435f941ebd7ddcbcef4f72f440c6
SHA256

8da9b0e531b49da1d4fd367ac6b1c4dde44f6e9f63973cc3adbaec20c5638f1e
SHA512

aa6cfe9209d18eb4431fd0c9bdb2e633e869220cbfc6672130f25ec5645adf17c07a957140a6d800bca56ee33bdcb607b4d667f8496d1d183ef3d8a573c6eaa3
SSDEEP

768:grhcXd08qvsig7s+CwexFJ6LnBEaZnZv42J2kzzxQds1BylKw3cUDcsH8dvmlsYa:g2Xd08qW5Crd7kzzy4kNDc68dOlsYa

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84.elf
- Size
  
  45KB
- MD5
  
  cb2df9012745f73517df82dbdb8b6701
- SHA1
  
  9c89db61e4d8839f3dd36ddf47900b8c7f5a926a
- SHA256
  
  b7c2d8e969cd973312dccaa913d6206893f9225c72cecc0789b88d18bedb6d84
- SHA512
  
  86b50fb011c279c58ffe43b768e56439f21e46b7da214fe537f6e6b34b50edd511608af8d2fb6e164b148ddacfb75659b89cc9f7ba1a0925dfab50b0d5b09017
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b3z9q3UELbUXfi6nVMQHI4vcGpvJ:DECFd+A6YHAxyLRQZJ
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet