mirai | 0ef8aa8c462efec6c17773c1f993c48f7de7727c12fca850f6ad816710d02a13 | Triage

Sharing

General

Target

0ef8aa8c462efec6c17773c1f993c48f7de7727c12fca850f6ad816710d02a13.elf
Size

24KB
Sample

240723-bkpndsyfld
MD5

e02c868509bd1c8cd079309bf37a8e78
SHA1

8f92b0c53a6b41fc450651288fdcf1c680416684
SHA256

0ef8aa8c462efec6c17773c1f993c48f7de7727c12fca850f6ad816710d02a13
SHA512

2ba2a2cebb8a71db8ae40212ff7d7385d37c20c3a24a466e52d686f622ccb077e0bfda8b73af02dcf7442573af031440d06623670184753271b9b2f78fef490c
SSDEEP

768:0HrQlS07dEv0UXqUhvQE+CXKXkChmcbdnoXkZqCWvc:YQlS07FUXqIYSXKXhm2dnNqU

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  0ef8aa8c462efec6c17773c1f993c48f7de7727c12fca850f6ad816710d02a13.elf
- Size
  
  24KB
- MD5
  
  e02c868509bd1c8cd079309bf37a8e78
- SHA1
  
  8f92b0c53a6b41fc450651288fdcf1c680416684
- SHA256
  
  0ef8aa8c462efec6c17773c1f993c48f7de7727c12fca850f6ad816710d02a13
- SHA512
  
  2ba2a2cebb8a71db8ae40212ff7d7385d37c20c3a24a466e52d686f622ccb077e0bfda8b73af02dcf7442573af031440d06623670184753271b9b2f78fef490c
- SSDEEP
  
  768:0HrQlS07dEv0UXqUhvQE+CXKXkChmcbdnoXkZqCWvc:YQlS07FUXqIYSXKXhm2dnNqU
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet