mirai | 79a0050a771c7803bf7812edc386901d92b694a656bc1358ce3625eaa45f99a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15f6ae85dfe2746a6e574a176136202f.bin
Size

45KB
Sample

230830-bjb1xaca4t
MD5

fe22ea2b5ed9f38e75e9ffd5d197e31e
SHA1

527fb4133ffa975dfe8faa412a8819585bbd8382
SHA256

79a0050a771c7803bf7812edc386901d92b694a656bc1358ce3625eaa45f99a9
SHA512

da2fb146982fe973b9be418683318b7d24ab7b725747094314cb89e879dfb4507baf25c37c1331fc06931d88ef503328fe19dc9b72b3e9c2c18d44f9dcb2e0d5
SSDEEP

768:VClyLN4oPRnZ/lkGI+gdxiGlD9IVowlsNTeA4NXxQC0tNNy:VCi9PfRgSGx9IVUqrtdMDy

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  43239e4103e3aa663c28190b9701efcff0cd89532b13e92291d4ccadc0c77421.elf
- Size
  
  45KB
- MD5
  
  15f6ae85dfe2746a6e574a176136202f
- SHA1
  
  a5773815d53943ed4e5bad469874f832c66e44e7
- SHA256
  
  43239e4103e3aa663c28190b9701efcff0cd89532b13e92291d4ccadc0c77421
- SHA512
  
  f2227d41de056b7b87236cde888639ba86a05a249eea2f1072215339a8fb2e195ebd2c38b2c85b6724355bd0e546ae16afcf983df97be8645d806578bdbe92a6
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b3Gb9q3UELbUXfi6nVMQHI4vcGpvS:DECFd+A6YHAxG6LRQZS
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet