mirai | e154e3122438a7f4f9d5e6cc7f3c511219862164e472b1e25f25d1aad4323ace | Triage

Sharing

General

Target

e154e3122438a7f4f9d5e6cc7f3c511219862164e472b1e25f25d1aad4323ace.elf
Size

24KB
Sample

240216-g7p6bscd76
MD5

07281957e1b2acc3a3ea14c513981573
SHA1

c676131df0547577abb17477456fd9fe702d70f5
SHA256

e154e3122438a7f4f9d5e6cc7f3c511219862164e472b1e25f25d1aad4323ace
SHA512

b40385bc44520bbc9ae12cc021e39be519cf8bb7a55eb01f3ee523b6fefce71637b6f6a8796ef46e36360be24ed8066f340ab08c5f4736259785a6892a542dcb
SSDEEP

768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBpSZq8Wv9:BQlS07FUXqIYSXQKqu2qn

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  e154e3122438a7f4f9d5e6cc7f3c511219862164e472b1e25f25d1aad4323ace.elf
- Size
  
  24KB
- MD5
  
  07281957e1b2acc3a3ea14c513981573
- SHA1
  
  c676131df0547577abb17477456fd9fe702d70f5
- SHA256
  
  e154e3122438a7f4f9d5e6cc7f3c511219862164e472b1e25f25d1aad4323ace
- SHA512
  
  b40385bc44520bbc9ae12cc021e39be519cf8bb7a55eb01f3ee523b6fefce71637b6f6a8796ef46e36360be24ed8066f340ab08c5f4736259785a6892a542dcb
- SSDEEP
  
  768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBpSZq8Wv9:BQlS07FUXqIYSXQKqu2qn
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet