mirai | 91ad25c983451a0492a89b7d2a2eaa7534096d62da3161c98a8561417d26c6e5 | Triage

Sharing

General

Target

91ad25c983451a0492a89b7d2a2eaa7534096d62da3161c98a8561417d26c6e5.elf
Size

45KB
Sample

240805-b1j3vaxbjb
MD5

5d61dfbb7c0ca0e8e053395bbeb83b76
SHA1

7a1d13e462352b09ccec3327a9efa9080ef1c181
SHA256

91ad25c983451a0492a89b7d2a2eaa7534096d62da3161c98a8561417d26c6e5
SHA512

53af9f187ce83336e67732781c14f04a40dc2ef385e9d30e035052d6919ab62d392a070d7692416292ebd70815cdb1044b15af4a90237978e5a884932feeb719
SSDEEP

768:zwyY9a89JenEVy4Dl/yWZc6yB9q3UELH7+xm6SDtP7FFWS:LY9LJeElJ/y6y0Lb+QPpP7F5

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  91ad25c983451a0492a89b7d2a2eaa7534096d62da3161c98a8561417d26c6e5.elf
- Size
  
  45KB
- MD5
  
  5d61dfbb7c0ca0e8e053395bbeb83b76
- SHA1
  
  7a1d13e462352b09ccec3327a9efa9080ef1c181
- SHA256
  
  91ad25c983451a0492a89b7d2a2eaa7534096d62da3161c98a8561417d26c6e5
- SHA512
  
  53af9f187ce83336e67732781c14f04a40dc2ef385e9d30e035052d6919ab62d392a070d7692416292ebd70815cdb1044b15af4a90237978e5a884932feeb719
- SSDEEP
  
  768:zwyY9a89JenEVy4Dl/yWZc6yB9q3UELH7+xm6SDtP7FFWS:LY9LJeElJ/y6y0Lb+QPpP7F5
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet