General

  • Target

    9836409fbd7f685fed035a0193d968ea.elf

  • Size

    45KB

  • Sample

    230517-j1jq3sec27

  • MD5

    9836409fbd7f685fed035a0193d968ea

  • SHA1

    85ce28f1610acbc3f87e9a719924bfeb1ea5d0b0

  • SHA256

    a7b591061402999633a63534699e162c8bb85c6d43473f13fac90bbb8c428fae

  • SHA512

    3a79d3c2730789b908522cb21f9c2ad4cdbfde6a665de51293c4228dee73c0a6cf9cb191718f31afb104bdabb8c2e39b574cd14635d6e4dd7ca4ecc7c643c85a

  • SSDEEP

    768:g/TYCoIxdEk+AxoTZAZHFeq8b3y9q3UELbUXfi6nVMQHI4vcGpvL:gECFd+A6YHAxnLRQZL

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Writes file to system bin folder

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Hijack Execution Flow (T1574): 1

  • Privilege Escalation

    Hijack Execution Flow (T1574): 1

  • Defense Evasion

    Impair Defenses (T1562): 1

    Hijack Execution Flow (T1574): 1

Tasks