mirai | 0cb9d915f5ca5e40f0ea1a2cd62dcfcd91453cb537a291cfa0c01e02492bfddb | Triage

Sharing

General

Target

0cb9d915f5ca5e40f0ea1a2cd62dcfcd91453cb537a291cfa0c01e02492bfddb.elf
Size

23KB
Sample

240504-bee7rshc6w
MD5

d821026d7c8716cd25b626a175ac7175
SHA1

b26e57365122506bf55fedca31930e4fd6ece81a
SHA256

0cb9d915f5ca5e40f0ea1a2cd62dcfcd91453cb537a291cfa0c01e02492bfddb
SHA512

8be9beab765170373a102354812548296fe90630c5f7070174d31b60df936870e9f16d3d989a5ad4a19332cfeb54ef6fc6ea46e137abb0da1aa1a390fdb13586
SSDEEP

384:MyB6Yj833S7YSpsGE0m1SAqMaECTS2lKNwoef7FWDeTi6P+AfXndE/JniIVtb+vE:N3j8tB0m1SAiTxsPt8TXndOxPsM

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  0cb9d915f5ca5e40f0ea1a2cd62dcfcd91453cb537a291cfa0c01e02492bfddb.elf
- Size
  
  23KB
- MD5
  
  d821026d7c8716cd25b626a175ac7175
- SHA1
  
  b26e57365122506bf55fedca31930e4fd6ece81a
- SHA256
  
  0cb9d915f5ca5e40f0ea1a2cd62dcfcd91453cb537a291cfa0c01e02492bfddb
- SHA512
  
  8be9beab765170373a102354812548296fe90630c5f7070174d31b60df936870e9f16d3d989a5ad4a19332cfeb54ef6fc6ea46e137abb0da1aa1a390fdb13586
- SSDEEP
  
  384:MyB6Yj833S7YSpsGE0m1SAqMaECTS2lKNwoef7FWDeTi6P+AfXndE/JniIVtb+vE:N3j8tB0m1SAiTxsPt8TXndOxPsM
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet