mirai | 0bbec4061568e9f6851cf3fa9979d0ce75d02401d0e73b66c5f70a266e4eb124 | Triage

Sharing

General

Target

30bc108934cbbaed717305bd7dbb9e21.bin
Size

45KB
Sample

230531-bkqkpacf8v
MD5

dcd02fd697d1118331ba36566f5c893e
SHA1

2bba793e9726ea3f1bd3ec57eb2a0be305df3a04
SHA256

0bbec4061568e9f6851cf3fa9979d0ce75d02401d0e73b66c5f70a266e4eb124
SHA512

61a1c03f252e953ac50b8426772968d3fd46edc1530001e57c9242d203c15b05a4f39f9e3ca97fc71e31d637bd8b8f3ebff9608a0899f62fafd0030ac105a5aa
SSDEEP

768:FUQPXhDveGn0vafELmJ1Zcm4TXBkU3zsneUoWUhpQNObKh+OYfS5aEKWX:PvhKNLiZcm4TuoseWUh+QbKh+Ol5aEKs

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  86dd7eeb604cc26791b34eed64fd9840a83004c19be08e5ab04f5231271f0124.elf
- Size
  
  45KB
- MD5
  
  30bc108934cbbaed717305bd7dbb9e21
- SHA1
  
  a7feebb8c3ad970e323e01105061b6e31c1dfa32
- SHA256
  
  86dd7eeb604cc26791b34eed64fd9840a83004c19be08e5ab04f5231271f0124
- SHA512
  
  102198cd24bf7d45814ad66b724ccd74eaab177f9078eb47632cbb771c924cde4649a48d34c79c427a3c8c926d494b1390a313311107f4a93b54f85813888cb3
- SSDEEP
  
  768:sf+Mc+xJFWXFdleqp9SFfuKk8be174vjD49q3UELPcLJUYErThuMrx:sfW+BlASpQGe174vBL0VfEr1u+x
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet