mirai | c5c5ab5856200686e97e5c848c2d1d2efc58d2bf94e5963f5f42e6afd4bb1f28 | Triage

Sharing

General

Target

c5c5ab5856200686e97e5c848c2d1d2efc58d2bf94e5963f5f42e6afd4bb1f28.elf
Size

24KB
Sample

240328-c3npgsdc4x
MD5

8d50ecfef548023a29d72b90b3d95209
SHA1

9a781e62007daf9aab6203c1015fdd777bfcc654
SHA256

c5c5ab5856200686e97e5c848c2d1d2efc58d2bf94e5963f5f42e6afd4bb1f28
SHA512

a7b9826d79165a94ef114865658ab0ee6adeca0f3d112f60e2c1eb50419577ecb1a7e82fef7ed1e6304a4d8c9817db57f5e5b3b5f0c44092ff1cd6fda0faaf31
SSDEEP

768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBp8OZqEWvg:/QlS07FUXqIYSXQKquhqW

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  c5c5ab5856200686e97e5c848c2d1d2efc58d2bf94e5963f5f42e6afd4bb1f28.elf
- Size
  
  24KB
- MD5
  
  8d50ecfef548023a29d72b90b3d95209
- SHA1
  
  9a781e62007daf9aab6203c1015fdd777bfcc654
- SHA256
  
  c5c5ab5856200686e97e5c848c2d1d2efc58d2bf94e5963f5f42e6afd4bb1f28
- SHA512
  
  a7b9826d79165a94ef114865658ab0ee6adeca0f3d112f60e2c1eb50419577ecb1a7e82fef7ed1e6304a4d8c9817db57f5e5b3b5f0c44092ff1cd6fda0faaf31
- SSDEEP
  
  768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBp8OZqEWvg:/QlS07FUXqIYSXQKquhqW
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet