mirai | 31b8d1ee9bbbd136b26d1000b3353234115913f90da88389b03ff5b2825d1cd0 | Triage

Sharing

General

Target

31b8d1ee9bbbd136b26d1000b3353234115913f90da88389b03ff5b2825d1cd0.elf
Size

24KB
Sample

240522-bpa1ssfh8v
MD5

c36198cf6a51d72798e6cc13f0c4609f
SHA1

e7b264afd633f6ebc5ee9d11b21da74195f008d1
SHA256

31b8d1ee9bbbd136b26d1000b3353234115913f90da88389b03ff5b2825d1cd0
SHA512

5a5d63e7f9ba9de073bb90a76f71bcf786e51744d4c5a1c401fae4702b4308c2a81b8a1d7d24280813d2d64a479b31b11bf325adc397d81f353473e274315d7e
SSDEEP

384:hkU3Sq+7RxrsPdUrQ8RwHP5s9MJuDITs6fRkW8LqJC+GbF1pxiqEN25M5B7hN:qxgPdsyHP5g7DkTaW09bFTQNGMf

Score

10^/10

mirai lzrd botnet linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  31b8d1ee9bbbd136b26d1000b3353234115913f90da88389b03ff5b2825d1cd0.elf
- Size
  
  24KB
- MD5
  
  c36198cf6a51d72798e6cc13f0c4609f
- SHA1
  
  e7b264afd633f6ebc5ee9d11b21da74195f008d1
- SHA256
  
  31b8d1ee9bbbd136b26d1000b3353234115913f90da88389b03ff5b2825d1cd0
- SHA512
  
  5a5d63e7f9ba9de073bb90a76f71bcf786e51744d4c5a1c401fae4702b4308c2a81b8a1d7d24280813d2d64a479b31b11bf325adc397d81f353473e274315d7e
- SSDEEP
  
  384:hkU3Sq+7RxrsPdUrQ8RwHP5s9MJuDITs6fRkW8LqJC+GbF1pxiqEN25M5B7hN:qxgPdsyHP5g7DkTaW09bFTQNGMf
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet