mirai | d1e6e268a5755d36955ebd5674ff9c0e7d0bc2d6745a84fd6106863c870e4f07 | Triage

Sharing

General

Target

boatnet.x86.elf
Size

48KB
Sample

240221-tagh5sba42
MD5

49017f843a832a3039c2910dd51b0532
SHA1

926c88bc8e8ef19d560ded79db8f309b86e966b2
SHA256

d1e6e268a5755d36955ebd5674ff9c0e7d0bc2d6745a84fd6106863c870e4f07
SHA512

d16105af4a9909e4b959538fd43fe66f2aaf880ebbc41ef64f6c5820ac11a3298824707f8c68f9d9b47227b0b0173ba074bd25d1443676fe206b3e2545874115
SSDEEP

1536:6nJRT4QPfZfW5XTOeY3Dve3AG+1pa/4Qw7bn2ise:Gv4QPfZfW5XTOeoEzG0AQwf2i

Score

10^/10

mirai lzrd linux

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.x86.elf
- Size
  
  48KB
- MD5
  
  49017f843a832a3039c2910dd51b0532
- SHA1
  
  926c88bc8e8ef19d560ded79db8f309b86e966b2
- SHA256
  
  d1e6e268a5755d36955ebd5674ff9c0e7d0bc2d6745a84fd6106863c870e4f07
- SHA512
  
  d16105af4a9909e4b959538fd43fe66f2aaf880ebbc41ef64f6c5820ac11a3298824707f8c68f9d9b47227b0b0173ba074bd25d1443676fe206b3e2545874115
- SSDEEP
  
  1536:6nJRT4QPfZfW5XTOeY3Dve3AG+1pa/4Qw7bn2ise:Gv4QPfZfW5XTOeoEzG0AQwf2i
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1