mirai | ce396f1a2adbcc0a82cc5610b9ed9854875594f262762dfe08a94f9413ee8b8a | Triage

Sharing

General

Target

f150541f0b605488f47cca50fc0ccf39.bin
Size

22KB
Sample

240312-fab2rsae55
MD5

bd5b9b79b074d976ee7e63977c638b40
SHA1

b1ed39c37c12de29d2a55d924993215c298d73ec
SHA256

ce396f1a2adbcc0a82cc5610b9ed9854875594f262762dfe08a94f9413ee8b8a
SHA512

015f13ca29826d8270a9e8740373a210a89144dd63070d58c5f04d0077024525c384ef217421a643eb8bc0842502fef1e2e5d6efe682c6f8da3516291da3f586
SSDEEP

384:RC3wqg+nJ57k+8bp8tHWu33wMNmsrguNyS0shmD1eYnfA76s+5k/L22Y:RCAqg+nE+qO2MgM1kS0+7Yn4xIoL22Y

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c.elf
- Size
  
  23KB
- MD5
  
  f150541f0b605488f47cca50fc0ccf39
- SHA1
  
  5c62ab5ab0abdd9314ff64dbf8ac65d0fb83effa
- SHA256
  
  065142fda6a8fe1845fbbee8366ff17ecd40c8f57ce940e66f7432ef8fe9f49c
- SHA512
  
  27cda69221ca4c5b061f3c16392f19c872904c560c960c4b6ee9dc442926ec75310d01920f2c45d4e1bd4a0676e325342c66063611f363b36fc19f2ae4acf325
- SSDEEP
  
  384:NeD8ZSH2LLZUYyGZbsOiTrowSXH7+JWJryngV9M5Us+X/l9W+gmdLJgGlzDpH7uE:NeD8ZSWvZHZbs1rowOH7+4rzV++vlMit
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet