mirai | d888454ddeef94c3363d9e517850134e55abd118ae678a56cc406f36c9788fb3 | Triage

Sharing

General

Target

d5090bfb4c171c6aa9cd433283274b6d.bin
Size

20KB
Sample

240312-en2znshh98
MD5

4f1b95c76e835a99d817ec2b04e42a93
SHA1

7be2de66541be0559cff260465386d20402e57c6
SHA256

d888454ddeef94c3363d9e517850134e55abd118ae678a56cc406f36c9788fb3
SHA512

a6a814ecf88f5d250530be00370347e91e6bc7f8cd831441e0b12da6306811249bc792d6a3f988b6fad1e413a45295047a8a1af92149502510a6788aad099f9d
SSDEEP

384:Zgnu14WsXBFLkJbEhmj+CBA9d1aQb1ljRnwL3br0fMXfynrEJJuOLNcqPLSzy:Ou18CbEhHCqz1aQhBVikTROLZPLmy

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  159acf9dac405bc4087753c001694f143b2167e10880c10749eaa2b90f293a1e.elf
- Size
  
  21KB
- MD5
  
  d5090bfb4c171c6aa9cd433283274b6d
- SHA1
  
  f1a838c25a5ce0eb4f2eddaae477abb0b09411a5
- SHA256
  
  159acf9dac405bc4087753c001694f143b2167e10880c10749eaa2b90f293a1e
- SHA512
  
  958a12357949975e8b67f17816a38fc8f99f04865b958cc21ddcb3adefeae22a314efc0ccf2bed22bc52a5a8076f102bdc17b285192778830e6dbda69d685bc3
- SSDEEP
  
  384:MgnLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadEg6LFUamvF0jsyV3bh/mGWxdxSo:J98o08kxofBE+ZkXauk1KxlmGWxdf7
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet