mirai | 9a65bce1c9a9f4d469b15e3a6111b0dce80fbcc197aad9d5253dc7e5c11a2d72 | Triage

Sharing

General

Target

9a65bce1c9a9f4d469b15e3a6111b0dce80fbcc197aad9d5253dc7e5c11a2d72.elf
Size

24KB
Sample

240322-dl8trshh6t
MD5

a1cf1cbfdcf4f771365a3b29ce9c4c62
SHA1

2a03a4cc4e9e0e34b048fcac68e9339582f82ef4
SHA256

9a65bce1c9a9f4d469b15e3a6111b0dce80fbcc197aad9d5253dc7e5c11a2d72
SHA512

a6acebf16397c17ac2929bbf819f35c644588bc0a17bc308a907bd8e301e7bbd24fd421a2352adf2f672a71cfb0b4558253cdcccc980178b0583731794c53c56
SSDEEP

768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBpoZqEWvK:/QlS07FUXqIYSXQKquQqE

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  9a65bce1c9a9f4d469b15e3a6111b0dce80fbcc197aad9d5253dc7e5c11a2d72.elf
- Size
  
  24KB
- MD5
  
  a1cf1cbfdcf4f771365a3b29ce9c4c62
- SHA1
  
  2a03a4cc4e9e0e34b048fcac68e9339582f82ef4
- SHA256
  
  9a65bce1c9a9f4d469b15e3a6111b0dce80fbcc197aad9d5253dc7e5c11a2d72
- SHA512
  
  a6acebf16397c17ac2929bbf819f35c644588bc0a17bc308a907bd8e301e7bbd24fd421a2352adf2f672a71cfb0b4558253cdcccc980178b0583731794c53c56
- SSDEEP
  
  768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBpoZqEWvK:/QlS07FUXqIYSXQKquQqE
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet