mirai | 303a2e03986e837a27cc105d2f905f5d7a31dd8411a585921db98510471bf2dd | Triage

Sharing

General

Target

2d4c97ceed11da5dfddec45ac80ca5fa.elf
Size

22KB
Sample

240327-k6rjjsha97
MD5

2d4c97ceed11da5dfddec45ac80ca5fa
SHA1

7120e75d6bcb65a112cfbe97c264978a893281d0
SHA256

303a2e03986e837a27cc105d2f905f5d7a31dd8411a585921db98510471bf2dd
SHA512

51bf053b2fcead22517387e0667b81fed295818512a771e5019c00fba6d79793ccad2c4f8125b9ad21b4be3ba143fa1307760b3334dfb05ad411016bdfc45d59
SSDEEP

384:pDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chNuHfmmcb4/N7KbxTKqpkN0cuiFqcz:pDZ5Dw7RjFjcU+O24sDOuuE/Nmbx+q+v

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  2d4c97ceed11da5dfddec45ac80ca5fa.elf
- Size
  
  22KB
- MD5
  
  2d4c97ceed11da5dfddec45ac80ca5fa
- SHA1
  
  7120e75d6bcb65a112cfbe97c264978a893281d0
- SHA256
  
  303a2e03986e837a27cc105d2f905f5d7a31dd8411a585921db98510471bf2dd
- SHA512
  
  51bf053b2fcead22517387e0667b81fed295818512a771e5019c00fba6d79793ccad2c4f8125b9ad21b4be3ba143fa1307760b3334dfb05ad411016bdfc45d59
- SSDEEP
  
  384:pDYC95A2rM7RjFrvX2V6H2XJ8LaHYsbX1chNuHfmmcb4/N7KbxTKqpkN0cuiFqcz:pDZ5Dw7RjFjcU+O24sDOuuE/Nmbx+q+v
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet