mirai | 3b264f07c78ffba996f7118b67faab863f80a98530870a1818d275d7f510b5e8 | Triage

Sharing

General

Target

58c4112fb9ddff90e381763d258927f8.bin
Size

45KB
Sample

230527-bldmhsaa28
MD5

2cfae62e8b0d2c41dde3a71fdc417cca
SHA1

fc912154652c0a5c3787bc21b2608b230b5b6b5a
SHA256

3b264f07c78ffba996f7118b67faab863f80a98530870a1818d275d7f510b5e8
SHA512

6ae2aa4d461fa4a1c8ebb26d86ad5627f9ab604ad4de8e095d8a61e9fa236cc5ca395bab6468ed634a374f8e0f59d4cab83e41bc76598bb3734c5f59cbbf639e
SSDEEP

768:iox8Qm0aT6zoTz6uj/opbeGuKGPDTlIrRdksCg1/dyzhb+bJYaLq4RoqK/CWUfYu:ioeQm0aT6MTz6u8pnu1P0Rdvf1Q+bJRD

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  b8577da827f10dbe3909cae50c0465268ae5aeed89a20271d50095ba9c021341.elf
- Size
  
  45KB
- MD5
  
  58c4112fb9ddff90e381763d258927f8
- SHA1
  
  9375a20b2f6d9c23b8eec6b5493d8c17d91533d8
- SHA256
  
  b8577da827f10dbe3909cae50c0465268ae5aeed89a20271d50095ba9c021341
- SHA512
  
  20a83fcf0f849c496d4ce0652e2584fd37a123701449a02d166b678e729b015677151112dd707d5669f20994d86e0298adb02a510bc70e15a927e78b6efa8673
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b32d9q3UELbUXfi6nVMQHI4vcGpvp:DECFd+A6YHAxrLRQZp
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet