mirai | 475f28781e8d14d52788ef589bbb4f41049aa90c6dd1359927915431b2410f40 | Triage

Sharing

General

Target

a90e415ff17734be20f1c6dc66964db8.elf
Size

21KB
Sample

230512-nte7jach68
MD5

a90e415ff17734be20f1c6dc66964db8
SHA1

e4c6c2598161672c12d931588aaba534233d4426
SHA256

475f28781e8d14d52788ef589bbb4f41049aa90c6dd1359927915431b2410f40
SHA512

ab079e48c40b6a87c64a3a0097794c36dc1056b15fc43057da41339cf5c25b2089d7ae6cdbb1710dfc206454adc2ad44ef43f10a320c06666dcd1dadb3f13afc
SSDEEP

384:MOcDqRfKUWFH39z+/49ETVQrGLruI8qB+eANnlBQpMr//Ayk+v1RpA:zMkKJFH39CBVQey7qsZoMT4ypA

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  a90e415ff17734be20f1c6dc66964db8.elf
- Size
  
  21KB
- MD5
  
  a90e415ff17734be20f1c6dc66964db8
- SHA1
  
  e4c6c2598161672c12d931588aaba534233d4426
- SHA256
  
  475f28781e8d14d52788ef589bbb4f41049aa90c6dd1359927915431b2410f40
- SHA512
  
  ab079e48c40b6a87c64a3a0097794c36dc1056b15fc43057da41339cf5c25b2089d7ae6cdbb1710dfc206454adc2ad44ef43f10a320c06666dcd1dadb3f13afc
- SSDEEP
  
  384:MOcDqRfKUWFH39z+/49ETVQrGLruI8qB+eANnlBQpMr//Ayk+v1RpA:zMkKJFH39CBVQey7qsZoMT4ypA
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet