mirai | 713a91572aa251c96bb0bc24a0a0a817d05d8baf127971006b67c77366458b50 | Triage

Sharing

General

Target

0e03e44523fea525ebc0bb6fa81b8c52.elf
Size

22KB
Sample

240503-aq7kqacd72
MD5

0e03e44523fea525ebc0bb6fa81b8c52
SHA1

e046a338fea8dedd45934eeb479fd44d1258051d
SHA256

713a91572aa251c96bb0bc24a0a0a817d05d8baf127971006b67c77366458b50
SHA512

df6b2e9218759d4601af742be35683485d2da2f8c53d701741524d04bf1d9a1ce2a740c7707bb1843e7f77d1278ab576419b580d1490926ab2b693c78ab9bed0
SSDEEP

384:gFYfwf/izXcR3fivuQUhJX9tDttu0fOM9Yx/DmpO5wuHnrbV8YSqcKsDScN2lM5N:QikKzXctauJX9t+WO5lCpUdvONqyScN/

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  0e03e44523fea525ebc0bb6fa81b8c52.elf
- Size
  
  22KB
- MD5
  
  0e03e44523fea525ebc0bb6fa81b8c52
- SHA1
  
  e046a338fea8dedd45934eeb479fd44d1258051d
- SHA256
  
  713a91572aa251c96bb0bc24a0a0a817d05d8baf127971006b67c77366458b50
- SHA512
  
  df6b2e9218759d4601af742be35683485d2da2f8c53d701741524d04bf1d9a1ce2a740c7707bb1843e7f77d1278ab576419b580d1490926ab2b693c78ab9bed0
- SSDEEP
  
  384:gFYfwf/izXcR3fivuQUhJX9tDttu0fOM9Yx/DmpO5wuHnrbV8YSqcKsDScN2lM5N:QikKzXctauJX9t+WO5lCpUdvONqyScN/
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet