mirai | 74504ec2e10da2c442b64104191b277005a588bcfedada8a3501ff5a5ad7608d | Triage

Sharing

General

Target

2a76ace9d739aaa6800d21cfde633454.elf
Size

45KB
Sample

230514-pjwbfaeb7z
MD5

2a76ace9d739aaa6800d21cfde633454
SHA1

2d100760c43885ef9c06f638fcfad93e9310337f
SHA256

74504ec2e10da2c442b64104191b277005a588bcfedada8a3501ff5a5ad7608d
SHA512

e4f2f4c7ef2d12724292464cd23dd57fb777b69de8f8b4fc89ec90d29b481bba79f0f4099518639b0b335a57e1c780e2da71bf3ee7b0a0e60165e9d3e11727e6
SSDEEP

768:D/TYCoIxdEk+AxoTZAZHFeq8b3769q3UELbUXfi6nVMQHI4vcGpv+:DECFd+A6YHAxTLRQZ+

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  2a76ace9d739aaa6800d21cfde633454.elf
- Size
  
  45KB
- MD5
  
  2a76ace9d739aaa6800d21cfde633454
- SHA1
  
  2d100760c43885ef9c06f638fcfad93e9310337f
- SHA256
  
  74504ec2e10da2c442b64104191b277005a588bcfedada8a3501ff5a5ad7608d
- SHA512
  
  e4f2f4c7ef2d12724292464cd23dd57fb777b69de8f8b4fc89ec90d29b481bba79f0f4099518639b0b335a57e1c780e2da71bf3ee7b0a0e60165e9d3e11727e6
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b3769q3UELbUXfi6nVMQHI4vcGpv+:DECFd+A6YHAxTLRQZ+
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet