mirai | 04506e7241ac99bb6303dec9e732fa492e57bf61e36ae6952ffae6d6d28ce8f8 | Triage

Sharing

General

Target

04506e7241ac99bb6303dec9e732fa492e57bf61e36ae6952ffae6d6d28ce8f8.elf
Size

48KB
Sample

240212-de6qtscd52
MD5

06b7be4d2654b6fb8955cbe7ef47c9ca
SHA1

c42d2690fbdaf8ef4caaa2aaa414dbafc550f0c1
SHA256

04506e7241ac99bb6303dec9e732fa492e57bf61e36ae6952ffae6d6d28ce8f8
SHA512

8b39ba7e2ff4ad277b7b902ff8c8b428563469047400f9a44abcecd319acbede0a8699a03cd6333079c75b604cb4475fde8420a170f8dea6fa8dbea2c08e3ee7
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3DvehAG+1pa/4Qw7bn2iFe:Gv4QPfZfW5XTOeoezG0AQwf2i

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  04506e7241ac99bb6303dec9e732fa492e57bf61e36ae6952ffae6d6d28ce8f8.elf
- Size
  
  48KB
- MD5
  
  06b7be4d2654b6fb8955cbe7ef47c9ca
- SHA1
  
  c42d2690fbdaf8ef4caaa2aaa414dbafc550f0c1
- SHA256
  
  04506e7241ac99bb6303dec9e732fa492e57bf61e36ae6952ffae6d6d28ce8f8
- SHA512
  
  8b39ba7e2ff4ad277b7b902ff8c8b428563469047400f9a44abcecd319acbede0a8699a03cd6333079c75b604cb4475fde8420a170f8dea6fa8dbea2c08e3ee7
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3DvehAG+1pa/4Qw7bn2iFe:Gv4QPfZfW5XTOeoezG0AQwf2i
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1