mirai | e739b9ec17a86b151951fe1f4e9d5efd5717f8615f4ea961dde98ba2fa9157ef | Triage

Sharing

General

Target

96efa2d38b90b40eff74b4b4f96c8012.bin
Size

20KB
Sample

230514-b4mm5sac63
MD5

e7f8fbc1fa34257f353178b492e79205
SHA1

b251bac252067e18c67f90663b38e3b39d2ae282
SHA256

e739b9ec17a86b151951fe1f4e9d5efd5717f8615f4ea961dde98ba2fa9157ef
SHA512

86b0d23461e3454a0b700a41a25f09f76122e4fb7c4e7640ececf0aa45ee1c4cc214d429100394334f8ae9a3322d2598f7b6547853e9b84c8ac1766363c3f1cc
SSDEEP

384:nKMTuZcL+72G3A+ifdlYjim9FZMdzhTjtukPrIwsoPhnDrIt8ySmw:nKMT2cL47A+0YjiAcskkwO8fmw

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  a2efaabd3d465feca2094fae9b60eb72a07cec8e386990069c9829ed21077bdf.elf
- Size
  
  20KB
- MD5
  
  96efa2d38b90b40eff74b4b4f96c8012
- SHA1
  
  a5501909a848ac1d72bf4b1e9696734380cecb14
- SHA256
  
  a2efaabd3d465feca2094fae9b60eb72a07cec8e386990069c9829ed21077bdf
- SHA512
  
  c2e649f40bf3a73dbf0c722b4a5a7fa8f261d0188fa10a2ae92fb35fec2c5ee5b56c2522e72a1bff5e145c97edeb90f409b63fb6022251779fc72172824aa457
- SSDEEP
  
  384:MgWLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTJ:O98o08kxofBE+ZkXaITbp2F2TWul0c5F
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet