mirai | e5f05fa9033fe04055eaf20e1a39ad2b5af0085a7b141f1b9ff19d7759b2d887 | Triage

Sharing

General

Target

3940ad85e92bba493621b2bf80622d58.bin
Size

45KB
Sample

230605-myabeaga82
MD5

02ffc3f71c11c2b6d81eb07032acbef7
SHA1

1ac6c6760831c69208556a5fffcba25d2f29aff5
SHA256

e5f05fa9033fe04055eaf20e1a39ad2b5af0085a7b141f1b9ff19d7759b2d887
SHA512

bbb5025efb766fd94dab181f16bad12b56ef75b2ed824f32b2c4ae9bc4d2e8c1849a105707a5069f85b7cdbf9510461c2bf701f2a6faf279ee16b07a443fc303
SSDEEP

768:U462eTAys8fm0eMxuySOg53nE2V9MhopvzWMWKFRUq53dMvRNWsAOZj:Ux2eTFsZauyY37Vycvzli2sAa

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  e288e0300b62d77fef5a4d81c0e6758f0336ca9c4c90f5c4d29cec78fab0c984.elf
- Size
  
  45KB
- MD5
  
  3940ad85e92bba493621b2bf80622d58
- SHA1
  
  1861ba1682bb29284361ff5784aacdc7dc23f4fa
- SHA256
  
  e288e0300b62d77fef5a4d81c0e6758f0336ca9c4c90f5c4d29cec78fab0c984
- SHA512
  
  5f1e29a3501e152cd780571a2dced25b4f557cf6baf1e9c98053ff7e4b524196e66e89cb12e4679c6a1c04a22cf41ca56aec1333a466e5bdc68898ad04f2e1e8
- SSDEEP
  
  768:g/TYCoIxdEk+AxoTZAZHFeq8b3H9q3UELbUXfi6nVMQHI4vcGpvj:gECFd+A6YHAxWLRQZj
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet