mirai | 3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d | Triage

Sharing

General

Target

3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d.elf
Size

24KB
Sample

240428-bmwvgsdb2x
MD5

3be7690e67ad52c45eb442ab798c78e9
SHA1

3d383311c9d5014ab32830290b5ae3bc0a31b79e
SHA256

3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d
SHA512

d3d1e62768a3f85c4d2e6ac4e9ec8b26d2e05be25651d8e92a620f84876ac8a4db65901d4efa574cf6ebf972d5f81e279d6583c9f54e135c5eb9d411a5d914c7
SSDEEP

768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBptmZqEWv0:/QlS07FUXqIYSXQKqutqq+

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d.elf
- Size
  
  24KB
- MD5
  
  3be7690e67ad52c45eb442ab798c78e9
- SHA1
  
  3d383311c9d5014ab32830290b5ae3bc0a31b79e
- SHA256
  
  3a2fe13d2d3c98469fda605daa8ef573d26c070b75a64f86ce6593aa15a4a28d
- SHA512
  
  d3d1e62768a3f85c4d2e6ac4e9ec8b26d2e05be25651d8e92a620f84876ac8a4db65901d4efa574cf6ebf972d5f81e279d6583c9f54e135c5eb9d411a5d914c7
- SSDEEP
  
  768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBptmZqEWv0:/QlS07FUXqIYSXQKqutqq+
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet