mirai | 86fb9cd7b19cb7a88cd7eae579d2656331110b296e40a535010affc6ce3b86cf | Triage

Sharing

General

Target

86fb9cd7b19cb7a88cd7eae579d2656331110b296e40a535010affc6ce3b86cf.elf
Size

24KB
Sample

240521-rjthysgg8y
MD5

bd52e0ed8e0b0880f6f8650fdf31a45b
SHA1

764b6909d562f09a997e26b658d68625e07cc9f7
SHA256

86fb9cd7b19cb7a88cd7eae579d2656331110b296e40a535010affc6ce3b86cf
SHA512

9be052a1fe960efb52163e8a2d3138aa8fca66b18372a7a79689398ff1e451a503a046ff22c8cf46873b38236490279d83b1f7102376f702a924bc80636875f8
SSDEEP

768:5Qu5Va7FXydihUArB/2uc4gViw/EGFSwxxREVUe:iu+7FX0kU2B/Bg3zjxxREVJ

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  86fb9cd7b19cb7a88cd7eae579d2656331110b296e40a535010affc6ce3b86cf.elf
- Size
  
  24KB
- MD5
  
  bd52e0ed8e0b0880f6f8650fdf31a45b
- SHA1
  
  764b6909d562f09a997e26b658d68625e07cc9f7
- SHA256
  
  86fb9cd7b19cb7a88cd7eae579d2656331110b296e40a535010affc6ce3b86cf
- SHA512
  
  9be052a1fe960efb52163e8a2d3138aa8fca66b18372a7a79689398ff1e451a503a046ff22c8cf46873b38236490279d83b1f7102376f702a924bc80636875f8
- SSDEEP
  
  768:5Qu5Va7FXydihUArB/2uc4gViw/EGFSwxxREVUe:iu+7FX0kU2B/Bg3zjxxREVJ
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet