mirai | 065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c | Triage

Sharing

General

Target

boatnet.mips
Size

23KB
Sample

240310-vgr4wsgh5w
MD5

f150541f0b605488f47cca50fc0ccf39
SHA1

5c62ab5ab0abdd9314ff64dbf8ac65d0fb83effa
SHA256

065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c
SHA512

27cda69221ca4c5b061f3c16392f19c872904c560c960c4b6ee9dc442926ec75310d01920f2c45d4e1bd4a0676e325342c66063611f363b36fc19f2ae4acf325
SSDEEP

384:NeD8ZSH2LLZUYyGZbsOiTrowSXH7+JWJryngV9M5Us+X/l9W+gmdLJgGlzDpH7uE:NeD8ZSWvZHZbs1rowOH7+4rzV++vlMit

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  boatnet.mips
- Size
  
  23KB
- MD5
  
  f150541f0b605488f47cca50fc0ccf39
- SHA1
  
  5c62ab5ab0abdd9314ff64dbf8ac65d0fb83effa
- SHA256
  
  065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c
- SHA512
  
  27cda69221ca4c5b061f3c16392f19c872904c560c960c4b6ee9dc442926ec75310d01920f2c45d4e1bd4a0676e325342c66063611f363b36fc19f2ae4acf325
- SSDEEP
  
  384:NeD8ZSH2LLZUYyGZbsOiTrowSXH7+JWJryngV9M5Us+X/l9W+gmdLJgGlzDpH7uE:NeD8ZSWvZHZbs1rowOH7+4rzV++vlMit
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet