mirai | a8e3b3f67765f0b0425be131ac0448f91261f567f6ca27dfc98c7fc783c600fa | Triage

Sharing

General

Target

boatnet.x86.elf
Size

20KB
Sample

230517-h4cw9sdb3w
MD5

4200144ecb0a0b3c68aa99a6924afb35
SHA1

1ad1bab1827ffd7f104e93ba176b34d257e0944f
SHA256

a8e3b3f67765f0b0425be131ac0448f91261f567f6ca27dfc98c7fc783c600fa
SHA512

6375cb031b591fdcecf713d508063bf7eb55bfc0d2f10349eb19f75bc6c5d27093e3a6c9065f4915931d1516656fe9d76beb64203b8be2441466baa6b5259782
SSDEEP

384:M0hLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oT/:T98o08kxofBE+ZkXaITbp2F2TWul0c5T

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.x86.elf
- Size
  
  20KB
- MD5
  
  4200144ecb0a0b3c68aa99a6924afb35
- SHA1
  
  1ad1bab1827ffd7f104e93ba176b34d257e0944f
- SHA256
  
  a8e3b3f67765f0b0425be131ac0448f91261f567f6ca27dfc98c7fc783c600fa
- SHA512
  
  6375cb031b591fdcecf713d508063bf7eb55bfc0d2f10349eb19f75bc6c5d27093e3a6c9065f4915931d1516656fe9d76beb64203b8be2441466baa6b5259782
- SSDEEP
  
  384:M0hLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oT/:T98o08kxofBE+ZkXaITbp2F2TWul0c5T
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet