mirai | 87ff2ebc499fe042684cecc05060fadbd379d7d604bc454e47ac978868c20067 | Triage

Sharing

General

Target

a5f502047b0f1db521759405dafb75e4.bin
Size

22KB
Sample

230514-b7x82sac73
MD5

ea27e110ab935a01379a15114c3e2042
SHA1

80c69cd04786da64e43e9fe53cf2d92d87b87084
SHA256

87ff2ebc499fe042684cecc05060fadbd379d7d604bc454e47ac978868c20067
SHA512

20111f253263eb2354c116a8884b758eeb1efeffed75fc8694deb27676b7096788680efd07ecc108fdc5d09c6ab4d156951ff78c8a7c660296f7db619ad188e3
SSDEEP

384:fmAzSHJ0BTn9gY/xPllSLO/8wHU5TybVW2bkSvgHMNOEeGhT+6R43pRNMRTHQ1Ev:uHHJ09njJPllSLAVMT4VrkSvgsNeG9gc

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  7dece60cc276c55efb82994b1d11de5fc727203adf2be9721afdab1377471e1b.elf
- Size
  
  22KB
- MD5
  
  a5f502047b0f1db521759405dafb75e4
- SHA1
  
  a87a5fcfa57b315746bfa168f8cb49d7643821d0
- SHA256
  
  7dece60cc276c55efb82994b1d11de5fc727203adf2be9721afdab1377471e1b
- SHA512
  
  48f2a4b63f98440068993c2802023aaa9fd87d43c5c28dcaad3ba4a4c5dc729f59c30ddb7ed2be4bc1a50c5a1ecbab378892567ac61f88f2145508f5ddcce4b8
- SSDEEP
  
  384:pDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chiM4HhBJhpExUC03uhHB3QJmRxqM4s:pDZ5Dw7RjFjcU+O24sDS4HhrhpEguX35
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet