mirai | 159acf9dac405bc4087753c001694f143b2167e10880c10749eaa2b90f293a1e | Triage

Sharing

General

Target

159acf9dac405bc4087753c001694f143b2167e10880c10749eaa2b90f293a1e.elf
Size

21KB
Sample

240311-cf7tvahf26
MD5

d5090bfb4c171c6aa9cd433283274b6d
SHA1

f1a838c25a5ce0eb4f2eddaae477abb0b09411a5
SHA256

159acf9dac405bc4087753c001694f143b2167e10880c10749eaa2b90f293a1e
SHA512

958a12357949975e8b67f17816a38fc8f99f04865b958cc21ddcb3adefeae22a314efc0ccf2bed22bc52a5a8076f102bdc17b285192778830e6dbda69d685bc3
SSDEEP

384:MgnLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadEg6LFUamvF0jsyV3bh/mGWxdxSo:J98o08kxofBE+ZkXauk1KxlmGWxdf7

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  159acf9dac405bc4087753c001694f143b2167e10880c10749eaa2b90f293a1e.elf
- Size
  
  21KB
- MD5
  
  d5090bfb4c171c6aa9cd433283274b6d
- SHA1
  
  f1a838c25a5ce0eb4f2eddaae477abb0b09411a5
- SHA256
  
  159acf9dac405bc4087753c001694f143b2167e10880c10749eaa2b90f293a1e
- SHA512
  
  958a12357949975e8b67f17816a38fc8f99f04865b958cc21ddcb3adefeae22a314efc0ccf2bed22bc52a5a8076f102bdc17b285192778830e6dbda69d685bc3
- SSDEEP
  
  384:MgnLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadEg6LFUamvF0jsyV3bh/mGWxdxSo:J98o08kxofBE+ZkXauk1KxlmGWxdf7
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet