mirai | df7c69b12bd7de8602a5e120911ed185c312c24246d221d87d3f894e7f73e280 | Triage

Sharing

General

Target

df7c69b12bd7de8602a5e120911ed185c312c24246d221d87d3f894e7f73e280_JC.elf
Size

45KB
Sample

231011-nbpcgsah3t
MD5

d6c1e940b3aa7ae921f965d88bf7ca94
SHA1

e7ff81f6199fecbb55be58feefe9abb2a1cdbc25
SHA256

df7c69b12bd7de8602a5e120911ed185c312c24246d221d87d3f894e7f73e280
SHA512

2a3c65f2f42f4a29ac1e1ed0f06c73f5fd8752fdb808150f569431c07e9cf01c9af19bf0762a845cb64c7ade5e57c8ecb739509813e790651d92117a5344f1d7
SSDEEP

768:hOsB+zn1If1XbPOY1JHQf8yn3P8wJZpy3qg39q3UELYIk9r/e/lQMqqzA+xoCBrW:hOseO1jp1JwZkw7UaJLYIO/e/lQMvE+Q

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  df7c69b12bd7de8602a5e120911ed185c312c24246d221d87d3f894e7f73e280_JC.elf
- Size
  
  45KB
- MD5
  
  d6c1e940b3aa7ae921f965d88bf7ca94
- SHA1
  
  e7ff81f6199fecbb55be58feefe9abb2a1cdbc25
- SHA256
  
  df7c69b12bd7de8602a5e120911ed185c312c24246d221d87d3f894e7f73e280
- SHA512
  
  2a3c65f2f42f4a29ac1e1ed0f06c73f5fd8752fdb808150f569431c07e9cf01c9af19bf0762a845cb64c7ade5e57c8ecb739509813e790651d92117a5344f1d7
- SSDEEP
  
  768:hOsB+zn1If1XbPOY1JHQf8yn3P8wJZpy3qg39q3UELYIk9r/e/lQMqqzA+xoCBrW:hOseO1jp1JwZkw7UaJLYIO/e/lQMvE+Q
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet