mirai | 07fd8a170d43251efb55c366d3f26e266b10894ed8283e8ebbaa8eee958d69e7 | Triage

Sharing

General

Target

801166971275515b01fe782ed28cb945.elf
Size

24KB
Sample

230514-hgw2madc51
MD5

801166971275515b01fe782ed28cb945
SHA1

7255620689d1884033f2c67170e4acec9b5129f8
SHA256

07fd8a170d43251efb55c366d3f26e266b10894ed8283e8ebbaa8eee958d69e7
SHA512

2ee9f093d18477b438fc387ce987613fdffdf1c9b8da5d8c04e58710b3e4683e9a0d6c58a9103ba487848e40aeb611c321e56c4be7bcc44533f9cd479f2e2dd5
SSDEEP

768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBppZq8Wvt:BQlS07FUXqIYSXQKqu/qf

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  801166971275515b01fe782ed28cb945.elf
- Size
  
  24KB
- MD5
  
  801166971275515b01fe782ed28cb945
- SHA1
  
  7255620689d1884033f2c67170e4acec9b5129f8
- SHA256
  
  07fd8a170d43251efb55c366d3f26e266b10894ed8283e8ebbaa8eee958d69e7
- SHA512
  
  2ee9f093d18477b438fc387ce987613fdffdf1c9b8da5d8c04e58710b3e4683e9a0d6c58a9103ba487848e40aeb611c321e56c4be7bcc44533f9cd479f2e2dd5
- SSDEEP
  
  768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBppZq8Wvt:BQlS07FUXqIYSXQKqu/qf
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet