mirai | eda24dd7b06730bb63713803ca1600dced9c162663aff1fd5d0693086ddb320f | Triage

Sharing

General

Target

boatnet.x86.elf
Size

20KB
Sample

230529-tf7yaace75
MD5

cd2210867379aef7329dd7bd4cb078e8
SHA1

ffe0e81e4032aadb91ccb803af7c6b55cb65d886
SHA256

eda24dd7b06730bb63713803ca1600dced9c162663aff1fd5d0693086ddb320f
SHA512

f6ca0e01721b1fd0606a4d700d4c1fa9093eae8b05ea82c12349c884bdd4f58699ff9ee446151ebd319e4c7cf350a22bc77fd2857c65dbd785c05e4251b14ce9
SSDEEP

384:MY1Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkfaQtI3TopibEjQ6Q8i2kdqr4mV7rSO:798o08kxofBE+Zkfa2p+Eo2dr/VlR

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.x86.elf
- Size
  
  20KB
- MD5
  
  cd2210867379aef7329dd7bd4cb078e8
- SHA1
  
  ffe0e81e4032aadb91ccb803af7c6b55cb65d886
- SHA256
  
  eda24dd7b06730bb63713803ca1600dced9c162663aff1fd5d0693086ddb320f
- SHA512
  
  f6ca0e01721b1fd0606a4d700d4c1fa9093eae8b05ea82c12349c884bdd4f58699ff9ee446151ebd319e4c7cf350a22bc77fd2857c65dbd785c05e4251b14ce9
- SSDEEP
  
  384:MY1Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkfaQtI3TopibEjQ6Q8i2kdqr4mV7rSO:798o08kxofBE+Zkfa2p+Eo2dr/VlR
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet