mirai | d300581a4cc7371c74739f162996a6bd9dfba6e3af590f54771e2ad637060f04 | Triage

Sharing

General

Target

e93221da4f7ec791295abbae87b8360b.bin
Size

22KB
Sample

230509-ccfwysff6s
MD5

cadfc081845efe8b1cc3bae0b741066e
SHA1

6d08a0b57a511d216eb561499838b7d062413db3
SHA256

d300581a4cc7371c74739f162996a6bd9dfba6e3af590f54771e2ad637060f04
SHA512

6cdb1317bb281e4be190a759e39438e62d65da64b812cfddb3b160bca2c1508011f34c88eed26dd4d21b0d313785b40ca4685a0b5eed4a3c045d55ef65673728
SSDEEP

384:q2fdjvy/jVb3UiYDyTdsB+rj3wbOJO8n1E7QsKF35T1kikNf6a92IduPLTi1LnT:q2hWEtKygrkbODn1E+6NfvkIsAnT

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  e672d299b066eaf0b862b423b8ffb1ea5703b56f09868228da8e0e753f635dc4.elf
- Size
  
  22KB
- MD5
  
  e93221da4f7ec791295abbae87b8360b
- SHA1
  
  336fec8c1988fc79adf4d6e410834e7ce3b655e1
- SHA256
  
  e672d299b066eaf0b862b423b8ffb1ea5703b56f09868228da8e0e753f635dc4
- SHA512
  
  ae593c333db159c712abf1f5fca7376da11c83799d6341c87ffc2c5cc43a75fe963e2b69b87223fcdec7fc906a3aa671c1d1370b161179f1c4e56555c19edf7e
- SSDEEP
  
  384:TDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chNuHfmmcb4/N7KbxTKqNXcuiFqcJr:TDZ5Dw7RjFjcU+O24sDOuuE/Nmbx+qNm
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet