mirai | 521da3ef4c9a610183ca04406cd39b9c7126f874654719f83743e0461430f5d4 | Triage

Sharing

General

Target

521da3ef4c9a610183ca04406cd39b9c7126f874654719f83743e0461430f5d4.elf
Size

22KB
Sample

240504-bnb7gace36
MD5

3a1df568d0dd60fbd3e32efa6bcc2ffb
SHA1

9b8ab470c61a376be7cf3d7bd59f281bac4161e5
SHA256

521da3ef4c9a610183ca04406cd39b9c7126f874654719f83743e0461430f5d4
SHA512

8125c860cc8c07bbebb752e6dbb541201fa7e5a04e650c29b448440cfb6015fae7cc581c21bd009f68ba2d4c7094082740dec87f8b6ad2d5beb5c7356aa721b3
SSDEEP

384:BFYfwf/izXcR3fivuQUhJX9tDtt+9OOzkuptY+XsAGOIRugj+GaR7P8ytN2lM5Bc:PikKzXctauJX9t3gzO+XsNvuE+GIkytq

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  521da3ef4c9a610183ca04406cd39b9c7126f874654719f83743e0461430f5d4.elf
- Size
  
  22KB
- MD5
  
  3a1df568d0dd60fbd3e32efa6bcc2ffb
- SHA1
  
  9b8ab470c61a376be7cf3d7bd59f281bac4161e5
- SHA256
  
  521da3ef4c9a610183ca04406cd39b9c7126f874654719f83743e0461430f5d4
- SHA512
  
  8125c860cc8c07bbebb752e6dbb541201fa7e5a04e650c29b448440cfb6015fae7cc581c21bd009f68ba2d4c7094082740dec87f8b6ad2d5beb5c7356aa721b3
- SSDEEP
  
  384:BFYfwf/izXcR3fivuQUhJX9tDtt+9OOzkuptY+XsAGOIRugj+GaR7P8ytN2lM5Bc:PikKzXctauJX9t3gzO+XsNvuE+GIkytq
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet