mirai | 7614503f6ac85473976b5223cd85c588f672ada20849ee92277f9ebb81c7283d | Triage

Sharing

General

Target

fb9866f4f2c11311ed01e487d3fcbd6c.bin
Size

45KB
Sample

231013-el34ysdc7x
MD5

be1bbf49a9e175ee457f52789504e788
SHA1

ecea92f164595e92d4296da53bcf89565a1daa72
SHA256

7614503f6ac85473976b5223cd85c588f672ada20849ee92277f9ebb81c7283d
SHA512

93707e65655facb346f92d8abcbd1b2ae0f8750d5bd2f98fe8882cff29300e0197c3b25e12dbc890fd2ccecaea2c4030445effbc396dacbe439ed37cacd5c59a
SSDEEP

768:vYLQ1+rx+9vCdEg5WfHa8KozDwD4Ib9KL/3O7ra2HFICyogps6zhQzE:ALSpWl5Wfy8sD4IQr3O7ra2HF8SzE

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  48e35de50d2fd12a934a0b107de095102b8f828ec2c82476cfab6e6320e12a8a.elf
- Size
  
  45KB
- MD5
  
  fb9866f4f2c11311ed01e487d3fcbd6c
- SHA1
  
  eaddf4fd048e60e1cf635ee8a77038d771cdb888
- SHA256
  
  48e35de50d2fd12a934a0b107de095102b8f828ec2c82476cfab6e6320e12a8a
- SHA512
  
  80e9abce7513c44a501ad85acfb9f75f70a6aba6fb1312144852ddf9475f1aa9a12916c6bcf60c6d8feaab2734bea849ab5d433ba6e8089e83c548f8a501be33
- SSDEEP
  
  768:g/TYCoIxdEk+AxoTZAZHFeq8b3f9q3UELbUXfi6nVMQHI4vcGpvZ:gECFd+A6YHAxOLRQZZ
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet