mirai | 301e421f6c17c8c99e52032c06adf88ea70861a52f1dd46a5889f885d8079a5d | Triage

Sharing

General

Target

9b2356d6fa60307dc6776f25473592ea.elf
Size

21KB
Sample

240722-14259s1dmh
MD5

9b2356d6fa60307dc6776f25473592ea
SHA1

0911006d17603d412465dba7cc5435a313ac6b7e
SHA256

301e421f6c17c8c99e52032c06adf88ea70861a52f1dd46a5889f885d8079a5d
SHA512

c1f3826a4cd77085d47c48eea3127df18af9b31a92031f7587e4e73b834e7ca04d04ec5d3e13b69bb6950ae5300ebe97ac2714d2955590696e16b0a5cb953553
SSDEEP

384:FB/HF1/1eZ9/6o10ILPljIgf76KRJ34QTECcbrv+0BYVUyeEDf0bTh2EPWVv4qhQ:FJHvcZ56qt9feK734QTEpbq0B4VQThyC

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  9b2356d6fa60307dc6776f25473592ea.elf
- Size
  
  21KB
- MD5
  
  9b2356d6fa60307dc6776f25473592ea
- SHA1
  
  0911006d17603d412465dba7cc5435a313ac6b7e
- SHA256
  
  301e421f6c17c8c99e52032c06adf88ea70861a52f1dd46a5889f885d8079a5d
- SHA512
  
  c1f3826a4cd77085d47c48eea3127df18af9b31a92031f7587e4e73b834e7ca04d04ec5d3e13b69bb6950ae5300ebe97ac2714d2955590696e16b0a5cb953553
- SSDEEP
  
  384:FB/HF1/1eZ9/6o10ILPljIgf76KRJ34QTECcbrv+0BYVUyeEDf0bTh2EPWVv4qhQ:FJHvcZ56qt9feK734QTEpbq0B4VQThyC
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet