mirai | 531cd031b41245d0e27f7bdf769c8e7d422cc14cc9656334ae1d5136e8025d0e | Triage

Sharing

General

Target

531cd031b41245d0e27f7bdf769c8e7d422cc14cc9656334ae1d5136e8025d0e.elf
Size

25KB
Sample

240502-brx84sda2v
MD5

e3e4a77e6f715990ac2d9f1f3844d61f
SHA1

e0b5fbbe7b3291c07e053a3a709e8c75fd8556d0
SHA256

531cd031b41245d0e27f7bdf769c8e7d422cc14cc9656334ae1d5136e8025d0e
SHA512

4e59a4691b1c62767b7a787bbf694b1b409a88342b746c8fcfcab57bb4877133deb1e27a5f7660651ebd206fdcedb1c7867cd40f20dfcde48891437d3b941c4d
SSDEEP

768:VVVhKh+3d5fe3DhgLi/9ib4Ce1rx2Yp3rsz3:h4OvfeTh9NVAz3

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  531cd031b41245d0e27f7bdf769c8e7d422cc14cc9656334ae1d5136e8025d0e.elf
- Size
  
  25KB
- MD5
  
  e3e4a77e6f715990ac2d9f1f3844d61f
- SHA1
  
  e0b5fbbe7b3291c07e053a3a709e8c75fd8556d0
- SHA256
  
  531cd031b41245d0e27f7bdf769c8e7d422cc14cc9656334ae1d5136e8025d0e
- SHA512
  
  4e59a4691b1c62767b7a787bbf694b1b409a88342b746c8fcfcab57bb4877133deb1e27a5f7660651ebd206fdcedb1c7867cd40f20dfcde48891437d3b941c4d
- SSDEEP
  
  768:VVVhKh+3d5fe3DhgLi/9ib4Ce1rx2Yp3rsz3:h4OvfeTh9NVAz3
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet