mirai | 25f35a6dbb7943f997babb94b54a50060513c58cf7ad2a3dd192138589bdd257 | Triage

Sharing

General

Target

25f35a6dbb7943f997babb94b54a50060513c58cf7ad2a3dd192138589bdd257.elf
Size

23KB
Sample

240328-cjkhqach6t
MD5

aaa98c8ab0cc5e8c89c5c021c17533c3
SHA1

522c3bcd947273bb19c86be239da01c4ce0ecd9e
SHA256

25f35a6dbb7943f997babb94b54a50060513c58cf7ad2a3dd192138589bdd257
SHA512

b2a92354580e02a42b86791fd4aef0f44c1c9bf9a8a7b088cc01280447ca5a12c3cf2d7ff4e0b1d5a83a57a08b137c6223ecf5ca539ae1504b08058954739a48
SSDEEP

384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuidmdzJgGlzDpH7uNj1JA4g:neD8ZSWvZHZbs1row697qohQvg9dizJn

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  25f35a6dbb7943f997babb94b54a50060513c58cf7ad2a3dd192138589bdd257.elf
- Size
  
  23KB
- MD5
  
  aaa98c8ab0cc5e8c89c5c021c17533c3
- SHA1
  
  522c3bcd947273bb19c86be239da01c4ce0ecd9e
- SHA256
  
  25f35a6dbb7943f997babb94b54a50060513c58cf7ad2a3dd192138589bdd257
- SHA512
  
  b2a92354580e02a42b86791fd4aef0f44c1c9bf9a8a7b088cc01280447ca5a12c3cf2d7ff4e0b1d5a83a57a08b137c6223ecf5ca539ae1504b08058954739a48
- SSDEEP
  
  384:neD8ZSH2LLZUYyGZbsOiTrowSN9rnZMINlphQ/HYtuidmdzJgGlzDpH7uNj1JA4g:neD8ZSWvZHZbs1row697qohQvg9dizJn
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet