mirai | 220b6d4da6702a1ea1bd2ef0594ba6258fd3a1917efd1c0cc41ac74a1e8a90f7 | Triage

Sharing

General

Target

fb027e55875fdc137eb8b4ac1e50ad16.elf
Size

24KB
Sample

230518-rb1masbb3w
MD5

fb027e55875fdc137eb8b4ac1e50ad16
SHA1

9535e040f07b84f8d71fd2e3391cc553e9a7cfb9
SHA256

220b6d4da6702a1ea1bd2ef0594ba6258fd3a1917efd1c0cc41ac74a1e8a90f7
SHA512

95faa11236f7ef79e7c5822eab977ab8da3c9525cf751804b50f7daeaadb04b36fc3381938975f47b29873d46ef9c278fe74d26f44ba7208027084d1106d99e2
SSDEEP

768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpkxZqSWvw:4QlS07FUXqIYSXQKqumqY

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  fb027e55875fdc137eb8b4ac1e50ad16.elf
- Size
  
  24KB
- MD5
  
  fb027e55875fdc137eb8b4ac1e50ad16
- SHA1
  
  9535e040f07b84f8d71fd2e3391cc553e9a7cfb9
- SHA256
  
  220b6d4da6702a1ea1bd2ef0594ba6258fd3a1917efd1c0cc41ac74a1e8a90f7
- SHA512
  
  95faa11236f7ef79e7c5822eab977ab8da3c9525cf751804b50f7daeaadb04b36fc3381938975f47b29873d46ef9c278fe74d26f44ba7208027084d1106d99e2
- SSDEEP
  
  768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpkxZqSWvw:4QlS07FUXqIYSXQKqumqY
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet