mirai | 29642627d91e46c9521d796f37b06af53ce26ccaa79b6a531c4646d8eb0a0bb7 | Triage

Sharing

General

Target

29642627d91e46c9521d796f37b06af53ce26ccaa79b6a531c4646d8eb0a0bb7.elf
Size

25KB
Sample

240507-bj2xbsee74
MD5

4f6cf0b40a415773ca13429a35d828e5
SHA1

7c215ea3900aeffcf0658ac55168ae1556db3785
SHA256

29642627d91e46c9521d796f37b06af53ce26ccaa79b6a531c4646d8eb0a0bb7
SHA512

022a23b6c40164a7d669b30b3adf806b3ec122e62180fcb0bd45f7786fcf89ee0c9cf014e018d29341dcb8f21a1b713070e5efc98b95d86fc86dd15e1180b551
SSDEEP

768:VVVhKh+3d5fe3DhgLi/9ib4Ce1rx2YpJlrsYN:h4OvfeTh9NrlAYN

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  29642627d91e46c9521d796f37b06af53ce26ccaa79b6a531c4646d8eb0a0bb7.elf
- Size
  
  25KB
- MD5
  
  4f6cf0b40a415773ca13429a35d828e5
- SHA1
  
  7c215ea3900aeffcf0658ac55168ae1556db3785
- SHA256
  
  29642627d91e46c9521d796f37b06af53ce26ccaa79b6a531c4646d8eb0a0bb7
- SHA512
  
  022a23b6c40164a7d669b30b3adf806b3ec122e62180fcb0bd45f7786fcf89ee0c9cf014e018d29341dcb8f21a1b713070e5efc98b95d86fc86dd15e1180b551
- SSDEEP
  
  768:VVVhKh+3d5fe3DhgLi/9ib4Ce1rx2YpJlrsYN:h4OvfeTh9NrlAYN
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mirailzrdbotnet