mirai | 2c22f155089e5ac81ad2fefc1359baf84eb1dcc8825979c30215fd07aa5ebc6a | Triage

Sharing

General

Target

9e97cabed2791621daedd18dd5f22780.bin
Size

21KB
Sample

240312-d65b3sfd5t
MD5

f0f5333e5a3febc0370572494ad970f1
SHA1

3cbb9c13d14893645db3ae2d20057c853b6c63f8
SHA256

2c22f155089e5ac81ad2fefc1359baf84eb1dcc8825979c30215fd07aa5ebc6a
SHA512

34cfc935d27dfdade0534b90bffaea1ec85e570643fec315050a59bf9ed3ad32d89a647f344bd2d04e47a991c8716fcee33de12faba91effb48aaf636990cd5f
SSDEEP

384:Dm8XTUKEdD6OMKrQyK1ekWXzTMsHzhYBDgYecsGMSPpl/IZfmh6+Z3:zXTjEl6WQyTJhas+bIZeh6w3

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  0d2a01f2166970852dab438ab3a3de4196f10b539cfe681409220c36377d4a5d.elf
- Size
  
  21KB
- MD5
  
  9e97cabed2791621daedd18dd5f22780
- SHA1
  
  ee587516f0de395fe3c16c786beb189fc4251ae7
- SHA256
  
  0d2a01f2166970852dab438ab3a3de4196f10b539cfe681409220c36377d4a5d
- SHA512
  
  1e47518190653efdd6faf7dbe1ae9bcf5912b4f0a304f39a1edd172ae2a87ac14442589e08fcaf9f49eddbe8dca70923a5c4ec6a18c6fcc589e730f7fc457fa1
- SSDEEP
  
  384:WeqeJrIltQH5uFR/Narv6uQKJneeQrO4u/Lox3Er/1kKNzYpWhymdGUop5hP:WE5I7g5u7sHQKJnNYDXxc/bNspWs3Uo5
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet