mirai | 56f386b78cadd6f9ea658ef5ddbef06c2ade3f43559ef64f2ac7857fff749693 | Triage

Sharing

General

Target

a79468f0a428271359625b9360d319ad.elf
Size

22KB
Sample

230603-z8fmdsab24
MD5

a79468f0a428271359625b9360d319ad
SHA1

638b337e7b1985fc7aa65ce8fe48ebe7d0290601
SHA256

56f386b78cadd6f9ea658ef5ddbef06c2ade3f43559ef64f2ac7857fff749693
SHA512

848d94adee7a49743d1a273e094446c820cfcabe198e5d18c7ea6b80de9f422c9cbcb5d9918a3d793c4bb3d6fd20ae7de324dd79a67b97e2cbadb7b40e86e23c
SSDEEP

384:jDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chQO1Hfmmcb4/N7KbxTKqB+cuiFqcJU:jDZ5Dw7RjFjcU+O24sDO1uE/Nmbx+qBq

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  a79468f0a428271359625b9360d319ad.elf
- Size
  
  22KB
- MD5
  
  a79468f0a428271359625b9360d319ad
- SHA1
  
  638b337e7b1985fc7aa65ce8fe48ebe7d0290601
- SHA256
  
  56f386b78cadd6f9ea658ef5ddbef06c2ade3f43559ef64f2ac7857fff749693
- SHA512
  
  848d94adee7a49743d1a273e094446c820cfcabe198e5d18c7ea6b80de9f422c9cbcb5d9918a3d793c4bb3d6fd20ae7de324dd79a67b97e2cbadb7b40e86e23c
- SSDEEP
  
  384:jDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chQO1Hfmmcb4/N7KbxTKqB+cuiFqcJU:jDZ5Dw7RjFjcU+O24sDO1uE/Nmbx+qBq
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet