mirai | 275223305ebaa8383f05b36bfaf6c83aff0d0ac8ac3ec8584719f8716deefdc1 | Triage

Sharing

General

Target

ea2d3edeeabc7887e0add0f37506a326.elf
Size

24KB
Sample

230530-gek1xafg9s
MD5

ea2d3edeeabc7887e0add0f37506a326
SHA1

e14cba2b8a29723ac71f4bcb99c9574bbaa1f4b1
SHA256

275223305ebaa8383f05b36bfaf6c83aff0d0ac8ac3ec8584719f8716deefdc1
SHA512

8a4adf98b35bc7c756229bd0fd7bf607dadd244c3b7e389b7b1c5d5b58dfd0c4f946e096d957c8ace766109259697d24b0ce027426e2a02a91636a00b9d1c5c4
SSDEEP

768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBp5xZqSWvS:4QlS07FUXqIYSXQKqu53qq

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  ea2d3edeeabc7887e0add0f37506a326.elf
- Size
  
  24KB
- MD5
  
  ea2d3edeeabc7887e0add0f37506a326
- SHA1
  
  e14cba2b8a29723ac71f4bcb99c9574bbaa1f4b1
- SHA256
  
  275223305ebaa8383f05b36bfaf6c83aff0d0ac8ac3ec8584719f8716deefdc1
- SHA512
  
  8a4adf98b35bc7c756229bd0fd7bf607dadd244c3b7e389b7b1c5d5b58dfd0c4f946e096d957c8ace766109259697d24b0ce027426e2a02a91636a00b9d1c5c4
- SSDEEP
  
  768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBp5xZqSWvS:4QlS07FUXqIYSXQKqu53qq
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet