mirai | c01bedb69b31a7e8c0b810012f6736f92941dc62c437246d2337ac892c2770d6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c01bedb69b31a7e8c0b810012f6736f92941dc62c437246d2337ac892c2770d6_JC.elf
Size

45KB
Sample

231010-wq58jshd55
MD5

03347553d90a15e8ae47297cf5731952
SHA1

48d35facbea380450ff4ab48d65a7f597e3bceb4
SHA256

c01bedb69b31a7e8c0b810012f6736f92941dc62c437246d2337ac892c2770d6
SHA512

f3106cac09e37999112e8f1c8db68f73eefcbce559db2d9d3ebf4226ba680b61754f3be7ccd7d5ebad2cafa84aa074b6d650801087945584a6c17073e7053ede
SSDEEP

768:D/TYCoIxdEk+AxoTZAZHFeq8b3d9q3UELbUXfi6nVMQHI4vcGpv5:DECFd+A6YHAxwLRQZ5

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  c01bedb69b31a7e8c0b810012f6736f92941dc62c437246d2337ac892c2770d6_JC.elf
- Size
  
  45KB
- MD5
  
  03347553d90a15e8ae47297cf5731952
- SHA1
  
  48d35facbea380450ff4ab48d65a7f597e3bceb4
- SHA256
  
  c01bedb69b31a7e8c0b810012f6736f92941dc62c437246d2337ac892c2770d6
- SHA512
  
  f3106cac09e37999112e8f1c8db68f73eefcbce559db2d9d3ebf4226ba680b61754f3be7ccd7d5ebad2cafa84aa074b6d650801087945584a6c17073e7053ede
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b3d9q3UELbUXfi6nVMQHI4vcGpv5:DECFd+A6YHAxwLRQZ5
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet