mirai | 3fc682f25e10fbb8951ee76d8eb5c03fb3eb167fdf5fa11102a12386fe96a452 | Triage

Sharing

General

Target

3f57000340c81869a1625b914bb4f7b0.bin
Size

20KB
Sample

231012-na59lsha92
MD5

f995d04adb1d359a406ce39ea8001755
SHA1

37c54d0d8c1a33acf515c11bdce3adda8db6b912
SHA256

3fc682f25e10fbb8951ee76d8eb5c03fb3eb167fdf5fa11102a12386fe96a452
SHA512

7f751d6d3122a833c911d0f1abd75937ee06db506f712a9a34f09fcbd1336f6795ce461d926b61931d954b76d3ff5fb1b854216f7a26890947261890ac54f8b0
SSDEEP

384:vtsRNBpgC5nXEutxawTLdZyiuu2YUyNfqgRBHQHff41zVyJGa5mMq28F:viRBUAxaMh3V2YpRqgevNB5I

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  e62f7d3c0b043124162aa7c4a035f66ec48f0bbf38c6d6c3c994010ccc71acc4.elf
- Size
  
  20KB
- MD5
  
  3f57000340c81869a1625b914bb4f7b0
- SHA1
  
  6488d2776b5eeb4d3563d5b66c1eaaea6b4df286
- SHA256
  
  e62f7d3c0b043124162aa7c4a035f66ec48f0bbf38c6d6c3c994010ccc71acc4
- SHA512
  
  ab602ce0998b636ded274f1b720a1d85f1c6705bc8ea81b87d9810317b1754bdcb66622227c289b115923101ac740ede85488521afbd83940a016599a2f994dc
- SSDEEP
  
  384:Mg4Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTn:M98o08kxofBE+ZkXaITbp2F2TWul0c5r
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet