mirai | 3de9a6c4ec9731408c65bcae040263fc955928a7b542c7f4515f4aa37530829d | Triage

Sharing

General

Target

3de9a6c4ec9731408c65bcae040263fc955928a7b542c7f4515f4aa37530829d.elf
Size

45KB
Sample

240411-bkhj3sbc7s
MD5

c2405d5b7e609c9cfbca86434e308ed6
SHA1

8f89ca073e422d4a66a0269607458695f7067b52
SHA256

3de9a6c4ec9731408c65bcae040263fc955928a7b542c7f4515f4aa37530829d
SHA512

356327cfffb476be32f679228f220b16135bd2c069ef3b9d1259471275742a87adb0ec2fd6c06d623378d7c7693850027fa0101c221cb8caff1e6be5d972be58
SSDEEP

768:D/TYCoIxdEk+AxoTZAZHFeq8b3K9q3UELbUXfi6nVMQHI4vcGpvN:DECFd+A6YHAx/LRQZN

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  3de9a6c4ec9731408c65bcae040263fc955928a7b542c7f4515f4aa37530829d.elf
- Size
  
  45KB
- MD5
  
  c2405d5b7e609c9cfbca86434e308ed6
- SHA1
  
  8f89ca073e422d4a66a0269607458695f7067b52
- SHA256
  
  3de9a6c4ec9731408c65bcae040263fc955928a7b542c7f4515f4aa37530829d
- SHA512
  
  356327cfffb476be32f679228f220b16135bd2c069ef3b9d1259471275742a87adb0ec2fd6c06d623378d7c7693850027fa0101c221cb8caff1e6be5d972be58
- SSDEEP
  
  768:D/TYCoIxdEk+AxoTZAZHFeq8b3K9q3UELbUXfi6nVMQHI4vcGpvN:DECFd+A6YHAx/LRQZN
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet