mirai | 40a76d772e76b261433c38fae5f525c984660c85c9881fc3d8a1d197b20b97d8 | Triage

Sharing

General

Target

40a76d772e76b261433c38fae5f525c984660c85c9881fc3d8a1d197b20b97d8.elf
Size

53KB
Sample

240212-drjrtsbh21
MD5

8ec931cf42a30f2d4c3f44e0b7b868c9
SHA1

6caf51d45728c618815847e068eb8655f72eacdb
SHA256

40a76d772e76b261433c38fae5f525c984660c85c9881fc3d8a1d197b20b97d8
SHA512

cfeaf2559e0b63fcf780b5b21ce54b780adad71a0e685b3a37c58d921157c9cffe822072f3bee23f470919189db97f7f9710c2f387b2e1de817c413784250b46
SSDEEP

1536:gfHlPDdJaEcLAeF9TUDWog1Hlcw/0QkiuVn4P:yHlPZMEcTFZ2A1HlcE0hVn4P

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  40a76d772e76b261433c38fae5f525c984660c85c9881fc3d8a1d197b20b97d8.elf
- Size
  
  53KB
- MD5
  
  8ec931cf42a30f2d4c3f44e0b7b868c9
- SHA1
  
  6caf51d45728c618815847e068eb8655f72eacdb
- SHA256
  
  40a76d772e76b261433c38fae5f525c984660c85c9881fc3d8a1d197b20b97d8
- SHA512
  
  cfeaf2559e0b63fcf780b5b21ce54b780adad71a0e685b3a37c58d921157c9cffe822072f3bee23f470919189db97f7f9710c2f387b2e1de817c413784250b46
- SSDEEP
  
  1536:gfHlPDdJaEcLAeF9TUDWog1Hlcw/0QkiuVn4P:yHlPZMEcTFZ2A1HlcE0hVn4P
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1