mirai | 6f73f7facf459eb09171dce70e2fe7c8ce3ae7cc6d3c5936f79be43d354db146 | Triage

Sharing

General

Target

3a9d23ae74771f0b81c0cd6d6e2767d2.elf
Size

23KB
Sample

230514-hlxhysba72
MD5

3a9d23ae74771f0b81c0cd6d6e2767d2
SHA1

9e6c59756e2ed87a065a1f0c7edb0568b8e003b9
SHA256

6f73f7facf459eb09171dce70e2fe7c8ce3ae7cc6d3c5936f79be43d354db146
SHA512

1efbeed661daa843e645887daecf4105705aa428125819e631fbcd5ca4a2b1c9c02b00b62180c14d44518a18ae82538faed28696d0384f17c9fcb703abc10fa0
SSDEEP

384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtui4mdzJgGlzDpH7uNj1JA4f:neD8ZSWvZHZbs1row697qohQvg94izJ0

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  3a9d23ae74771f0b81c0cd6d6e2767d2.elf
- Size
  
  23KB
- MD5
  
  3a9d23ae74771f0b81c0cd6d6e2767d2
- SHA1
  
  9e6c59756e2ed87a065a1f0c7edb0568b8e003b9
- SHA256
  
  6f73f7facf459eb09171dce70e2fe7c8ce3ae7cc6d3c5936f79be43d354db146
- SHA512
  
  1efbeed661daa843e645887daecf4105705aa428125819e631fbcd5ca4a2b1c9c02b00b62180c14d44518a18ae82538faed28696d0384f17c9fcb703abc10fa0
- SSDEEP
  
  384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtui4mdzJgGlzDpH7uNj1JA4f:neD8ZSWvZHZbs1row697qohQvg94izJ0
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet