mirai | 66f69eb0e036c62e16695826f77b35f46cd21ef6147398c6fed885130ef2fbd7 | Triage

Sharing

General

Target

66f69eb0e036c62e16695826f77b35f46cd21ef6147398c6fed885130ef2fbd7.elf
Size

21KB
Sample

240326-c1zzqseg3z
MD5

8c31c17fc49e1980133565ca3f73bae6
SHA1

ca80fdea40a75f6d91a31f62eaa2734dc11bc8ed
SHA256

66f69eb0e036c62e16695826f77b35f46cd21ef6147398c6fed885130ef2fbd7
SHA512

ab72e309da53c89bb24d05474ca1a3f3f13d9146f47af5e46bb9e9a5a25c8024941f2b027e8ba3cb2411d72c683a417526d649ed4f83275ca50882a8f9384188
SSDEEP

384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjJLhymdGUop5hi:vvQn4j+ZO5fKAlx9s3Uozk

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  66f69eb0e036c62e16695826f77b35f46cd21ef6147398c6fed885130ef2fbd7.elf
- Size
  
  21KB
- MD5
  
  8c31c17fc49e1980133565ca3f73bae6
- SHA1
  
  ca80fdea40a75f6d91a31f62eaa2734dc11bc8ed
- SHA256
  
  66f69eb0e036c62e16695826f77b35f46cd21ef6147398c6fed885130ef2fbd7
- SHA512
  
  ab72e309da53c89bb24d05474ca1a3f3f13d9146f47af5e46bb9e9a5a25c8024941f2b027e8ba3cb2411d72c683a417526d649ed4f83275ca50882a8f9384188
- SSDEEP
  
  384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjJLhymdGUop5hi:vvQn4j+ZO5fKAlx9s3Uozk
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet