mirai | cf2d69e7607069c6c21c9949d26dcc31e1bb8fc18b00d549bc0b74f79d189740 | Triage

Sharing

General

Target

5154bd652cc1369c0cee0a1de86353d8.elf
Size

45KB
Sample

231016-r1v34sag82
MD5

5154bd652cc1369c0cee0a1de86353d8
SHA1

8fcfa4d8b981bfd5e8f4da85c296ff60f40d70f8
SHA256

cf2d69e7607069c6c21c9949d26dcc31e1bb8fc18b00d549bc0b74f79d189740
SHA512

c76a141ae286ecde3816814e8160227f5be65ac7adc58fd84227d6cd064cc1671eb19da22233ce7e7a8c91e9226978fbab9e650cbc49ced95c0c8d3c924d1150
SSDEEP

768:S/TYCoIxdEk+AxoTZAZHFeq8b38CV9q3UELbUXfi6nVMQHI4vcGpvY:SECFd+A6YHAx8RLRQZY

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  5154bd652cc1369c0cee0a1de86353d8.elf
- Size
  
  45KB
- MD5
  
  5154bd652cc1369c0cee0a1de86353d8
- SHA1
  
  8fcfa4d8b981bfd5e8f4da85c296ff60f40d70f8
- SHA256
  
  cf2d69e7607069c6c21c9949d26dcc31e1bb8fc18b00d549bc0b74f79d189740
- SHA512
  
  c76a141ae286ecde3816814e8160227f5be65ac7adc58fd84227d6cd064cc1671eb19da22233ce7e7a8c91e9226978fbab9e650cbc49ced95c0c8d3c924d1150
- SSDEEP
  
  768:S/TYCoIxdEk+AxoTZAZHFeq8b38CV9q3UELbUXfi6nVMQHI4vcGpvY:SECFd+A6YHAx8RLRQZY
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet