mirai | 7b538cf77e4013f2bd06cd223da47bd1c4d48a1a8970a14f7c02447e60684f52 | Triage

Sharing

General

Target

6b22bcfa6506a08f711148d27c4eb3fd.elf
Size

21KB
Sample

240308-117lksgh76
MD5

6b22bcfa6506a08f711148d27c4eb3fd
SHA1

7e5359906145fcc853f0ddca2aafb21f205890b2
SHA256

7b538cf77e4013f2bd06cd223da47bd1c4d48a1a8970a14f7c02447e60684f52
SHA512

b9fba14513976d68aa0402c21a731ee9c585a059b7f26c31fb39f9ad4315076f9e6b9699896cfb02fcf38d3bf754773e6936dfb9d8757744b4418ddce8e0ef24
SSDEEP

384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjEOhymdGUop5hR:vvQn4j+ZO5fKAlxxs3UozH

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  6b22bcfa6506a08f711148d27c4eb3fd.elf
- Size
  
  21KB
- MD5
  
  6b22bcfa6506a08f711148d27c4eb3fd
- SHA1
  
  7e5359906145fcc853f0ddca2aafb21f205890b2
- SHA256
  
  7b538cf77e4013f2bd06cd223da47bd1c4d48a1a8970a14f7c02447e60684f52
- SHA512
  
  b9fba14513976d68aa0402c21a731ee9c585a059b7f26c31fb39f9ad4315076f9e6b9699896cfb02fcf38d3bf754773e6936dfb9d8757744b4418ddce8e0ef24
- SSDEEP
  
  384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjEOhymdGUop5hR:vvQn4j+ZO5fKAlxxs3UozH
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet