mirai | 414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a | Triage

Sharing

General

Target

feff2b47b325842902985c3ca6cb2e5c.elf
Size

23KB
Sample

240325-lqgvvacd63
MD5

feff2b47b325842902985c3ca6cb2e5c
SHA1

2e4622e66fc60f26c1a7ac4249ed35d79a98a2ca
SHA256

414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a
SHA512

fdd6862758431ae969f4e8f6b66d952cad313ef34da0f421f41f50f3441f08e7aaa2f28dc9eb3fe92648527c9273c093363d1559ecd0c5ad5e88984124c02b28
SSDEEP

384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtui3mdzJgGlzDpH7uNj1JA4F:neD8ZSWvZHZbs1row697qohQvg93izJi

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  feff2b47b325842902985c3ca6cb2e5c.elf
- Size
  
  23KB
- MD5
  
  feff2b47b325842902985c3ca6cb2e5c
- SHA1
  
  2e4622e66fc60f26c1a7ac4249ed35d79a98a2ca
- SHA256
  
  414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a
- SHA512
  
  fdd6862758431ae969f4e8f6b66d952cad313ef34da0f421f41f50f3441f08e7aaa2f28dc9eb3fe92648527c9273c093363d1559ecd0c5ad5e88984124c02b28
- SSDEEP
  
  384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtui3mdzJgGlzDpH7uNj1JA4F:neD8ZSWvZHZbs1row697qohQvg93izJi
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet