mirai | 87b2cf9f121c264a9b74daa8b20ea9e42c11f0b2047a82dcca714b20ad663d3d | Triage

Sharing

General

Target

a3e6859e5e20538662eb1c31db59ec0a.bin
Size

23KB
Sample

230514-b7v4pacf4s
MD5

5bc8e0a18fde3ee98de8ad1d2b0b1915
SHA1

f7fd6a691b61278950624cb033567f537ee48392
SHA256

87b2cf9f121c264a9b74daa8b20ea9e42c11f0b2047a82dcca714b20ad663d3d
SHA512

dec3168933436341310bc2e94f920d5b5eb86b31435ae1a7cd93daa2131d950ace9bc2488eeb905aa3e9c6eea839a5bb206171af770f7cb9c6da36b2aa2038c1
SSDEEP

384:VFLzBkyp1F2EQj6ljVeS0q43OMx6Y9jE8dMOG7FABWR59SMA55o4uVjodgvZeq:VFXBkwtljVEq43wY9jE8dMOGgy59SDPI

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1238f79d962d841863896016ce24929b2cee22f9e2173f0e2d3667de591bcc7c.elf
- Size
  
  24KB
- MD5
  
  a3e6859e5e20538662eb1c31db59ec0a
- SHA1
  
  548c4d09742126654eff1aac2b696fd7aa0aad23
- SHA256
  
  1238f79d962d841863896016ce24929b2cee22f9e2173f0e2d3667de591bcc7c
- SHA512
  
  78b79233227d067b9c75fbbe7465af56393428f29a55b79f1f327095230f3914332f94db33a02c5d8ffd140838591372e51236a4741bde7d6cf929aa7e1f3729
- SSDEEP
  
  768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpAZqSWv6:4QlS07FUXqIYSXQKquYqS
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet