General

  • Target

    9a974cb60d9cdbe1ec2d80b624d13aff.elf

  • Size

    24KB

  • Sample

    230517-j15njsdc6w

  • MD5

    9a974cb60d9cdbe1ec2d80b624d13aff

  • SHA1

    ce8fcda8edafdcc7114a5b90a3b7506287e0e4b5

  • SHA256

    5c66b7ff62d284ad48bdc4564ba9d0a8f09b631656522f5706c87bbab9dbea2d

  • SHA512

    9b2ed5c2a7ab947bdb425962322a087b93910b83973e0162321c0956c4ebef7d5bb2ced51529c7706c1de30bca1230cce64062323d30a47c959f6f9b359a401e

  • SSDEEP

    768:otrQlS07dEv0UXqUhvQE+CXQKMQKCXBpNEZqqWvS:iQlS07FUXqIYSXQKquN8qC

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Hijack Execution Flow (T1574): 1

Privilege Escalation

  • Hijack Execution Flow (T1574): 1

Defense Evasion

  • Impair Defenses (T1562): 1

  • Hijack Execution Flow (T1574): 1

Tasks