mirai | 8d33fd215655f9363fb35358a93a0d6bd8507b692efb5f2d6d18ad10e99825d3 | Triage

Sharing

General

Target

b098ed670f49aab90c28433d05df3698.elf
Size

24KB
Sample

240327-pjbl2afa6z
MD5

b098ed670f49aab90c28433d05df3698
SHA1

81397d681b0912466941be0fea90e5d0a7569ce0
SHA256

8d33fd215655f9363fb35358a93a0d6bd8507b692efb5f2d6d18ad10e99825d3
SHA512

31074cbc123cd184b8182039eb3d3496689ef5a2418de1c69d0da13b547b273fbc5ca9d111c2b86758d933e0fbe0ba2db9f3b8763f661009cd41cd6699c0acc2
SSDEEP

768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBpCZqEWvX:/QlS07FUXqIYSXQKquGqt

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  b098ed670f49aab90c28433d05df3698.elf
- Size
  
  24KB
- MD5
  
  b098ed670f49aab90c28433d05df3698
- SHA1
  
  81397d681b0912466941be0fea90e5d0a7569ce0
- SHA256
  
  8d33fd215655f9363fb35358a93a0d6bd8507b692efb5f2d6d18ad10e99825d3
- SHA512
  
  31074cbc123cd184b8182039eb3d3496689ef5a2418de1c69d0da13b547b273fbc5ca9d111c2b86758d933e0fbe0ba2db9f3b8763f661009cd41cd6699c0acc2
- SSDEEP
  
  768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBpCZqEWvX:/QlS07FUXqIYSXQKquGqt
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet