mirai | 414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a | Triage

Sharing

General

Target

414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a.elf
Size

23KB
Sample

240326-clt5yaee9w
MD5

feff2b47b325842902985c3ca6cb2e5c
SHA1

2e4622e66fc60f26c1a7ac4249ed35d79a98a2ca
SHA256

414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a
SHA512

fdd6862758431ae969f4e8f6b66d952cad313ef34da0f421f41f50f3441f08e7aaa2f28dc9eb3fe92648527c9273c093363d1559ecd0c5ad5e88984124c02b28
SSDEEP

384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtui3mdzJgGlzDpH7uNj1JA4F:neD8ZSWvZHZbs1row697qohQvg93izJi

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a.elf
- Size
  
  23KB
- MD5
  
  feff2b47b325842902985c3ca6cb2e5c
- SHA1
  
  2e4622e66fc60f26c1a7ac4249ed35d79a98a2ca
- SHA256
  
  414f89244a2a7d409d121a8c12f2143534da9b6319f91d089bcdc8c4fc7e5c7a
- SHA512
  
  fdd6862758431ae969f4e8f6b66d952cad313ef34da0f421f41f50f3441f08e7aaa2f28dc9eb3fe92648527c9273c093363d1559ecd0c5ad5e88984124c02b28
- SSDEEP
  
  384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtui3mdzJgGlzDpH7uNj1JA4F:neD8ZSWvZHZbs1row697qohQvg93izJi
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet