mirai | e762b31b5db2cd2f3101d93a05f98ae180295d6cc1178a86dfb09d613052068d | Triage

Sharing

General

Target

9ebef94af47bf4c7fbfd415f82f62210.elf
Size

23KB
Sample

240503-adrczaaa2x
MD5

9ebef94af47bf4c7fbfd415f82f62210
SHA1

c3a37ef3737b028d18e72e827d3f545e76b24ba2
SHA256

e762b31b5db2cd2f3101d93a05f98ae180295d6cc1178a86dfb09d613052068d
SHA512

3016bbe5bd9205e20a22d10e56697735e08516abbcf37dc581d89091c7786ba2976238f8fad4425d8ef89f16cea523b85f198d6a3fb77f48976f91941f348363
SSDEEP

384:MnB6Yj833S7YSpsGE0m1SAqMaECTS2llsFMP3mrXcTc5cb5rFldGSzwv01JZieeT:m3j8tB0m1SAiTxv0qmrMQ8dGCwv1eBs

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  9ebef94af47bf4c7fbfd415f82f62210.elf
- Size
  
  23KB
- MD5
  
  9ebef94af47bf4c7fbfd415f82f62210
- SHA1
  
  c3a37ef3737b028d18e72e827d3f545e76b24ba2
- SHA256
  
  e762b31b5db2cd2f3101d93a05f98ae180295d6cc1178a86dfb09d613052068d
- SHA512
  
  3016bbe5bd9205e20a22d10e56697735e08516abbcf37dc581d89091c7786ba2976238f8fad4425d8ef89f16cea523b85f198d6a3fb77f48976f91941f348363
- SSDEEP
  
  384:MnB6Yj833S7YSpsGE0m1SAqMaECTS2llsFMP3mrXcTc5cb5rFldGSzwv01JZieeT:m3j8tB0m1SAiTxv0qmrMQ8dGCwv1eBs
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet