mirai | 09081df20d420754042ac549b8abd72b004227b9ff269259643524d044f41ba1 | Triage

Sharing

General

Target

SecuriteInfo.com.Linux.Siggen.9999.28296.16277.elf
Size

23KB
Sample

230808-t1cymsea26
MD5

8bad1155b556fca8d3d9433c87a9f0e1
SHA1

a20c79546003dc1d47190c67ff1e579ff5d20ca5
SHA256

09081df20d420754042ac549b8abd72b004227b9ff269259643524d044f41ba1
SHA512

dc3c1cd5aa7d3a18a9ce39c2609565b42ea718adf6d7fec799bd2cae0b1330e9ca1a41da22a77dea29df2faaf1dee2662972b508380234a123424e818fe337cc
SSDEEP

384:+8CiWwqONsP1gznEg78L7TZhedY5Mwbo/uTwqBTkWNDEvi+VqmfXFJgGlzDpH7uw:+riYONxD6Kx9uTt/NYvRVqeXFJgGlzDJ

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  SecuriteInfo.com.Linux.Siggen.9999.28296.16277.elf
- Size
  
  23KB
- MD5
  
  8bad1155b556fca8d3d9433c87a9f0e1
- SHA1
  
  a20c79546003dc1d47190c67ff1e579ff5d20ca5
- SHA256
  
  09081df20d420754042ac549b8abd72b004227b9ff269259643524d044f41ba1
- SHA512
  
  dc3c1cd5aa7d3a18a9ce39c2609565b42ea718adf6d7fec799bd2cae0b1330e9ca1a41da22a77dea29df2faaf1dee2662972b508380234a123424e818fe337cc
- SSDEEP
  
  384:+8CiWwqONsP1gznEg78L7TZhedY5Mwbo/uTwqBTkWNDEvi+VqmfXFJgGlzDpH7uw:+riYONxD6Kx9uTt/NYvRVqeXFJgGlzDJ
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet