mirai | 7e183a78fa3064e50b74038e36c0880994d777e0eda24ea68b26a92b307bfcfe | Triage

Sharing

General

Target

e3e4a77e6f715990ac2d9f1f3844d61f.bin
Size

25KB
Sample

240503-cbt27aec99
MD5

2beb685a119c05500f568069a87a276c
SHA1

e03aab0ed1ff944d8b40815fc82ae49e14e81010
SHA256

7e183a78fa3064e50b74038e36c0880994d777e0eda24ea68b26a92b307bfcfe
SHA512

020a2ad67346b9bc9d25c2d005bd05b79c30987ce1c797c75ea986e7481a9dd118dde8231645fb04ee39e528a85e9e2cf32d0ea0bc94d08fa8a8c6a752f1786e
SSDEEP

384:92PiZf4YhOfixMt1FtsqusQ5/rzw2Ijv240FK6ej7g8DR9PU7F3OwrSivxlFkSpV:9uIf/ZxY1/Rus2nwbx6ejh9PkRfprhV

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  531cd031b41245d0e27f7bdf769c8e7d422cc14cc9656334ae1d5136e8025d0e.elf
- Size
  
  25KB
- MD5
  
  e3e4a77e6f715990ac2d9f1f3844d61f
- SHA1
  
  e0b5fbbe7b3291c07e053a3a709e8c75fd8556d0
- SHA256
  
  531cd031b41245d0e27f7bdf769c8e7d422cc14cc9656334ae1d5136e8025d0e
- SHA512
  
  4e59a4691b1c62767b7a787bbf694b1b409a88342b746c8fcfcab57bb4877133deb1e27a5f7660651ebd206fdcedb1c7867cd40f20dfcde48891437d3b941c4d
- SSDEEP
  
  768:VVVhKh+3d5fe3DhgLi/9ib4Ce1rx2Yp3rsz3:h4OvfeTh9NVAz3
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet