mirai | d25e50ae89fc454d81052890085eced2c065f9a79d83e4dcfc9a88883edf4e44 | Triage

Sharing

General

Target

96f5dd071e6724e4604f637c3af6ce24.bin
Size

23KB
Sample

240226-cm7sesba6s
MD5

ef47a10d38dd5f19a12ce291faea971f
SHA1

4165dfdcc10f21aea0e9b1f8bc65f6c9903f0f86
SHA256

d25e50ae89fc454d81052890085eced2c065f9a79d83e4dcfc9a88883edf4e44
SHA512

59b4d3aac8ab28f95d3b96f6d2822b0ebe1e5d91edf4c1f1fbeb7c2e14429dd215f870cd251faafcd3da6f080e20f84006a8677e7c3f81a919f4dcb55e9c4627
SSDEEP

384:mDIcnv1JKwBB63AqvSYEhzuHcXBdn1KFMzohui/sDZCh5jb1qtIW8eZA7xfsZzk8:mDIcnT7BBmwFXv1KS6f/Uif8CeW2l

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  4deb405c4dc93640de3bbaee41ec2dbea2630c0ba15ecde979455a998e304812.elf
- Size
  
  24KB
- MD5
  
  96f5dd071e6724e4604f637c3af6ce24
- SHA1
  
  928589b347fb15f61555795ff101398da7132b40
- SHA256
  
  4deb405c4dc93640de3bbaee41ec2dbea2630c0ba15ecde979455a998e304812
- SHA512
  
  a46a2168655a80e147d0c5a339610702d3c2e584f714ba547ed612c29d355dff9db4bb1c5c88f520e4d7e66da67db64b8750530dbb83f2548388ae224eee2a7d
- SSDEEP
  
  768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBpEZq8WvT:BQlS07FUXqIYSXQKqu8qN
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet