mirai | 141587c444a67faef09678959854f485ce8cada254003441f1c1ea6472d7972b | Triage

Sharing

General

Target

boatnet.x86.elf
Size

20KB
Sample

230514-g1fy3sah92
MD5

7d5e71cdd53cee01b4e4a29c5cff2065
SHA1

f8c03ca73e3abbae834ab3723f7334a3bd46f72b
SHA256

141587c444a67faef09678959854f485ce8cada254003441f1c1ea6472d7972b
SHA512

2b2898e0e49971f49a56b88b50d1379609d9548660ec66a083b88171d39cf5bad4236a1346acebe2b023b71f53447db017cac5dbdb74136535257aa7340a5240
SSDEEP

384:Mg9Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKT:798o08kxofBE+ZkXaqGbp2F2TWul0c52

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.x86.elf
- Size
  
  20KB
- MD5
  
  7d5e71cdd53cee01b4e4a29c5cff2065
- SHA1
  
  f8c03ca73e3abbae834ab3723f7334a3bd46f72b
- SHA256
  
  141587c444a67faef09678959854f485ce8cada254003441f1c1ea6472d7972b
- SHA512
  
  2b2898e0e49971f49a56b88b50d1379609d9548660ec66a083b88171d39cf5bad4236a1346acebe2b023b71f53447db017cac5dbdb74136535257aa7340a5240
- SSDEEP
  
  384:Mg9Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKT:798o08kxofBE+ZkXaqGbp2F2TWul0c52
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet