mirai | 1075632c7b6bfbfc2f69dac0b0b63725ccbee116daba11da70df9268bdd2ba83 | Triage

Sharing

General

Target

1075632c7b6bfbfc2f69dac0b0b63725ccbee116daba11da70df9268bdd2ba83.elf
Size

21KB
Sample

240328-cgjhmsae86
MD5

92185523d26b45d42b092989ffda80bb
SHA1

01a336b55e71158e4cc437b56bdaaf4035e0d314
SHA256

1075632c7b6bfbfc2f69dac0b0b63725ccbee116daba11da70df9268bdd2ba83
SHA512

0d0dee8ce0cb2747df6ce25b25034abe22ff2c9d66fcbbf42848414ceed69ad96add42aedc7749d1bbf30b7175d6936e51cda5e8dd57a2f55a7b8a3a33765a8d
SSDEEP

384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjOVRhymdGUop5hQ:vvQn4j+ZO5fKAlxCRs3UozS

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1075632c7b6bfbfc2f69dac0b0b63725ccbee116daba11da70df9268bdd2ba83.elf
- Size
  
  21KB
- MD5
  
  92185523d26b45d42b092989ffda80bb
- SHA1
  
  01a336b55e71158e4cc437b56bdaaf4035e0d314
- SHA256
  
  1075632c7b6bfbfc2f69dac0b0b63725ccbee116daba11da70df9268bdd2ba83
- SHA512
  
  0d0dee8ce0cb2747df6ce25b25034abe22ff2c9d66fcbbf42848414ceed69ad96add42aedc7749d1bbf30b7175d6936e51cda5e8dd57a2f55a7b8a3a33765a8d
- SSDEEP
  
  384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjOVRhymdGUop5hQ:vvQn4j+ZO5fKAlxCRs3UozS
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet