mirai | 9f79e9bff2779e181e7fe43b1e98d183cebe2e9e70a886071795130d0d6b5c71 | Triage

Sharing

General

Target

9f79e9bff2779e181e7fe43b1e98d183cebe2e9e70a886071795130d0d6b5c71.elf
Size

24KB
Sample

240224-kwbeksfh91
MD5

13ef3819a8adb6cb90da5cd0aa1264b7
SHA1

f97c4590a8643079fd3d661251bce547f6b93546
SHA256

9f79e9bff2779e181e7fe43b1e98d183cebe2e9e70a886071795130d0d6b5c71
SHA512

21ff345aed2eb4387e05f9ca2ac2a0dd5d0f6be732aaa578e22cbcd26f7e4b04355df11cbd1ff1ead26e2cf142fcf03567b8e40b66f59ec2bfdb02268b23b7ea
SSDEEP

768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBpVa1Zq8WvZb:BQlS07FUXqIYSXQKqukLq/

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  9f79e9bff2779e181e7fe43b1e98d183cebe2e9e70a886071795130d0d6b5c71.elf
- Size
  
  24KB
- MD5
  
  13ef3819a8adb6cb90da5cd0aa1264b7
- SHA1
  
  f97c4590a8643079fd3d661251bce547f6b93546
- SHA256
  
  9f79e9bff2779e181e7fe43b1e98d183cebe2e9e70a886071795130d0d6b5c71
- SHA512
  
  21ff345aed2eb4387e05f9ca2ac2a0dd5d0f6be732aaa578e22cbcd26f7e4b04355df11cbd1ff1ead26e2cf142fcf03567b8e40b66f59ec2bfdb02268b23b7ea
- SSDEEP
  
  768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBpVa1Zq8WvZb:BQlS07FUXqIYSXQKqukLq/
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet