mirai | c299fcbb537bcaafbff331bf5369858ffa3a6a7d988884bffe8d6d0facb86921 | Triage

Sharing

General

Target

1588011ef23105ad68b4168534175d84.elf
Size

32KB
Sample

240520-xzd14ade29
MD5

1588011ef23105ad68b4168534175d84
SHA1

2cb7ba21a60245fa7e4d63e565072adc35186071
SHA256

c299fcbb537bcaafbff331bf5369858ffa3a6a7d988884bffe8d6d0facb86921
SHA512

3e293bf6c4d3387ea2eea6f20ffa477aca06cd526d42180bc7631481596535bcc3d24a1e45748803404d1dbcf05f84d26d9495a1aedfae45004f7c9409907594
SSDEEP

768:pNscAALmcIy55uOF+VfanRVsYpgJkq0trM9:pNR/4oAOoCKYpgCtM

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  1588011ef23105ad68b4168534175d84.elf
- Size
  
  32KB
- MD5
  
  1588011ef23105ad68b4168534175d84
- SHA1
  
  2cb7ba21a60245fa7e4d63e565072adc35186071
- SHA256
  
  c299fcbb537bcaafbff331bf5369858ffa3a6a7d988884bffe8d6d0facb86921
- SHA512
  
  3e293bf6c4d3387ea2eea6f20ffa477aca06cd526d42180bc7631481596535bcc3d24a1e45748803404d1dbcf05f84d26d9495a1aedfae45004f7c9409907594
- SSDEEP
  
  768:pNscAALmcIy55uOF+VfanRVsYpgJkq0trM9:pNR/4oAOoCKYpgCtM
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet