mirai | ede2c7a460f62bc0da8a880d75937e5249295c1d154e08f88a9f9a6cb156a2cb | Triage

Sharing

General

Target

a90e415ff17734be20f1c6dc66964db8.bin
Size

21KB
Sample

230514-b8jr2scf4z
MD5

320f3d3d31d8433c7950e12d5d5df637
SHA1

7fb73ff4f980c4be24711c56b640a87439d87840
SHA256

ede2c7a460f62bc0da8a880d75937e5249295c1d154e08f88a9f9a6cb156a2cb
SHA512

ddc06a49b3956ab14efd1885105f60607e600c7806c7ab0aa2df745b051290db406c8242a922ded02225406288ba5cbe797cc7fff7ce38a016656846d8dc716e
SSDEEP

384:05z7jkfJDUWVQItgKNqEaIJ2yIheapXQjeAn8Qf6AO+EUPBPiy2xF:0Kf2c5qIJKXmeAn87AB0pD

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  475f28781e8d14d52788ef589bbb4f41049aa90c6dd1359927915431b2410f40.elf
- Size
  
  21KB
- MD5
  
  a90e415ff17734be20f1c6dc66964db8
- SHA1
  
  e4c6c2598161672c12d931588aaba534233d4426
- SHA256
  
  475f28781e8d14d52788ef589bbb4f41049aa90c6dd1359927915431b2410f40
- SHA512
  
  ab079e48c40b6a87c64a3a0097794c36dc1056b15fc43057da41339cf5c25b2089d7ae6cdbb1710dfc206454adc2ad44ef43f10a320c06666dcd1dadb3f13afc
- SSDEEP
  
  384:MOcDqRfKUWFH39z+/49ETVQrGLruI8qB+eANnlBQpMr//Ayk+v1RpA:zMkKJFH39CBVQey7qsZoMT4ypA
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet