mirai | ea410d9f9b0e9f3b8cf0e2cf8b05349b0e785658967ea87e4d7886927d6a524c | Triage

Sharing

General

Target

2ea3a2a141dcce319c20ea88eda97872.elf
Size

24KB
Sample

240321-hh3wkafa6x
MD5

2ea3a2a141dcce319c20ea88eda97872
SHA1

f845256531b444508c3e7e994d6e6e27ff6a4920
SHA256

ea410d9f9b0e9f3b8cf0e2cf8b05349b0e785658967ea87e4d7886927d6a524c
SHA512

cd9fb54fba5771fe6ba239924b294c9e1367a37408f1d9131120da8f1e58cda8e9570420ddef3043367accc23becf96145f75fd75e3f82d30fe7a40401dfff7a
SSDEEP

768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBpqZqEWv1:/QlS07FUXqIYSXQKqueq/

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  2ea3a2a141dcce319c20ea88eda97872.elf
- Size
  
  24KB
- MD5
  
  2ea3a2a141dcce319c20ea88eda97872
- SHA1
  
  f845256531b444508c3e7e994d6e6e27ff6a4920
- SHA256
  
  ea410d9f9b0e9f3b8cf0e2cf8b05349b0e785658967ea87e4d7886927d6a524c
- SHA512
  
  cd9fb54fba5771fe6ba239924b294c9e1367a37408f1d9131120da8f1e58cda8e9570420ddef3043367accc23becf96145f75fd75e3f82d30fe7a40401dfff7a
- SSDEEP
  
  768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBpqZqEWv1:/QlS07FUXqIYSXQKqueq/
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet