mirai | ecd2d8b6e2ca9c8374fdf9990c2550a34a5dd823c82083945714351b420cc3d9 | Triage

Sharing

General

Target

ecd2d8b6e2ca9c8374fdf9990c2550a34a5dd823c82083945714351b420cc3d9.elf
Size

22KB
Sample

240225-f2f5ssdc8t
MD5

b352d4ef82594cedb64ddb9e75b4c029
SHA1

c2066b0637bc8a674095e816da5a3dc1e0fa025f
SHA256

ecd2d8b6e2ca9c8374fdf9990c2550a34a5dd823c82083945714351b420cc3d9
SHA512

122be2549501e653fb96f8b23fe438f01a5593d8fb7ce5f3be1d820da49aaeca8abd9ca8870c63b86d274ca03225b868a49913070308a93a4954f0c51abcc93c
SSDEEP

384:UDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chNuHfmmcb4/N7KbxTKqO2k8/cuiFqO:UDZ5Dw7RjFjcU+O24sDOuuE/Nmbx+qZW

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  ecd2d8b6e2ca9c8374fdf9990c2550a34a5dd823c82083945714351b420cc3d9.elf
- Size
  
  22KB
- MD5
  
  b352d4ef82594cedb64ddb9e75b4c029
- SHA1
  
  c2066b0637bc8a674095e816da5a3dc1e0fa025f
- SHA256
  
  ecd2d8b6e2ca9c8374fdf9990c2550a34a5dd823c82083945714351b420cc3d9
- SHA512
  
  122be2549501e653fb96f8b23fe438f01a5593d8fb7ce5f3be1d820da49aaeca8abd9ca8870c63b86d274ca03225b868a49913070308a93a4954f0c51abcc93c
- SSDEEP
  
  384:UDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chNuHfmmcb4/N7KbxTKqO2k8/cuiFqO:UDZ5Dw7RjFjcU+O24sDOuuE/Nmbx+qZW
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet