mirai | 83c04ea170896a2740415e661b018a75f3e02206252b8bf882d6c3f95dd84b5a | Triage

Sharing

General

Target

83c04ea170896a2740415e661b018a75f3e02206252b8bf882d6c3f95dd84b5a.elf
Size

21KB
Sample

240322-detq9sff33
MD5

58744b71ec1fea6c68a3d24df90c8062
SHA1

b0d218593f6381f4adac72352f181a0633670a42
SHA256

83c04ea170896a2740415e661b018a75f3e02206252b8bf882d6c3f95dd84b5a
SHA512

aba6321a91ad4e3e608ac1a3d016382c9b51df5f1046848d9ef170665b03a98c45cf396fb5a831037cbbd85f6a3643e75c5189a080a5f719c1c5eecb07d6b7b2
SSDEEP

384:MLcDqRfKUWFH39z+/49ETYMV3uBr2goFS3KROig1od4SftODjC1rtvLDG+v1RpM:mMkKJFH39CBYq34rVorON1hSfADjC1rS

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  83c04ea170896a2740415e661b018a75f3e02206252b8bf882d6c3f95dd84b5a.elf
- Size
  
  21KB
- MD5
  
  58744b71ec1fea6c68a3d24df90c8062
- SHA1
  
  b0d218593f6381f4adac72352f181a0633670a42
- SHA256
  
  83c04ea170896a2740415e661b018a75f3e02206252b8bf882d6c3f95dd84b5a
- SHA512
  
  aba6321a91ad4e3e608ac1a3d016382c9b51df5f1046848d9ef170665b03a98c45cf396fb5a831037cbbd85f6a3643e75c5189a080a5f719c1c5eecb07d6b7b2
- SSDEEP
  
  384:MLcDqRfKUWFH39z+/49ETYMV3uBr2goFS3KROig1od4SftODjC1rtvLDG+v1RpM:mMkKJFH39CBYq34rVorON1hSfADjC1rS
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet