mirai | 90ceb94118e058724436556bb5979fcb5053b11a0f6b693dbcac0f772918ae65 | Triage

Sharing

General

Target

90ceb94118e058724436556bb5979fcb5053b11a0f6b693dbcac0f772918ae65.elf
Size

27KB
Sample

240424-b16xlsdg7w
MD5

67411953a1abafcb7bece7e975202533
SHA1

9c9e2e8844056ea7de03a47f4718e17b4a359ee3
SHA256

90ceb94118e058724436556bb5979fcb5053b11a0f6b693dbcac0f772918ae65
SHA512

a6ece3c53c438e48a9dfe3cc88a0b41838c1f88a0e793c3f33d1f2f877ba7b28c746d446b0aa8807ec4402efa86bf6cbc2e64322da800b9e7dff20b6b31bf7d1
SSDEEP

768:yoltRHOi0optXiZ09WU0qHyerhZYRYKzYKjMJgGlzDpbuR1JT:Plf3ptXiW939OVYKjEVJup

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  90ceb94118e058724436556bb5979fcb5053b11a0f6b693dbcac0f772918ae65.elf
- Size
  
  27KB
- MD5
  
  67411953a1abafcb7bece7e975202533
- SHA1
  
  9c9e2e8844056ea7de03a47f4718e17b4a359ee3
- SHA256
  
  90ceb94118e058724436556bb5979fcb5053b11a0f6b693dbcac0f772918ae65
- SHA512
  
  a6ece3c53c438e48a9dfe3cc88a0b41838c1f88a0e793c3f33d1f2f877ba7b28c746d446b0aa8807ec4402efa86bf6cbc2e64322da800b9e7dff20b6b31bf7d1
- SSDEEP
  
  768:yoltRHOi0optXiZ09WU0qHyerhZYRYKzYKjMJgGlzDpbuR1JT:Plf3ptXiW939OVYKjEVJup
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet