mirai | e3f4d5deba63f5ccf226bb0ff3398824d55ff3084d4f4a772e31f8b5bbfa116c | Triage

Sharing

General

Target

e3f4d5deba63f5ccf226bb0ff3398824d55ff3084d4f4a772e31f8b5bbfa116c.elf
Size

21KB
Sample

240328-c7bwgsdd2x
MD5

c22b11b4f9bcc44d2b71c490e5ac17f8
SHA1

260ea557f2a4a04d9c530836d3aab5319d4b9795
SHA256

e3f4d5deba63f5ccf226bb0ff3398824d55ff3084d4f4a772e31f8b5bbfa116c
SHA512

aa7a9651241f88b03fed2786578a11dbbc291ec2f793902d4302c8396a1841ad44f5fe869e36a9a77f4469f62167fd102e86c152e603c777968946e18ce5a730
SSDEEP

384:MEcDqRfKUWFH39z+/49ETXsayqWruQ7eqOZi5MoJz0ZhBi+v1Rp8:VMkKJFH39CBXsaAyKOZi61dp8

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  e3f4d5deba63f5ccf226bb0ff3398824d55ff3084d4f4a772e31f8b5bbfa116c.elf
- Size
  
  21KB
- MD5
  
  c22b11b4f9bcc44d2b71c490e5ac17f8
- SHA1
  
  260ea557f2a4a04d9c530836d3aab5319d4b9795
- SHA256
  
  e3f4d5deba63f5ccf226bb0ff3398824d55ff3084d4f4a772e31f8b5bbfa116c
- SHA512
  
  aa7a9651241f88b03fed2786578a11dbbc291ec2f793902d4302c8396a1841ad44f5fe869e36a9a77f4469f62167fd102e86c152e603c777968946e18ce5a730
- SSDEEP
  
  384:MEcDqRfKUWFH39z+/49ETXsayqWruQ7eqOZi5MoJz0ZhBi+v1Rp8:VMkKJFH39CBXsaAyKOZi61dp8
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet