mirai | 7bf15d064d9354ea5166e0f432573ea8d10faa2626e95d1f02ffcbe31dfe90f2 | Triage

Sharing

General

Target

1df5aa441e30553b8ee3443c79056b6a.bin
Size

26KB
Sample

240806-dddnnaxdnr
MD5

de97fd868e9252ba3dce8fb2041961d3
SHA1

eb751160d6f85d3f38125be5cae0d3d744c66e76
SHA256

7bf15d064d9354ea5166e0f432573ea8d10faa2626e95d1f02ffcbe31dfe90f2
SHA512

852b69a06af9fcc938c9d3abfe407758225f37f6cc1f3983619ec57820e9e4ffc8a41d176401946cf3c6a7900e00bd866ea0a17ee5604c3b269ab546b41f9cf6
SSDEEP

768:zuu/ZVfE1Yn8onxw1aK8zmGK5GYWANVS7DMaPD1G2n1q:zuuBO1Yvi1H82GYVVmLIX

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  af8f028a9da212f68eeaebd339d906b0e0114e1df984446e85650bdfb0201efe.elf
- Size
  
  27KB
- MD5
  
  1df5aa441e30553b8ee3443c79056b6a
- SHA1
  
  e3086aec9fd04b381f1b9836a983a83aed65ea87
- SHA256
  
  af8f028a9da212f68eeaebd339d906b0e0114e1df984446e85650bdfb0201efe
- SHA512
  
  3355c060ae27185262f06239a28ee1ad2d7b0fb74ac8f11ef212883bb547a53057ff26f806de527ddb83f9492c84b0fa61d072b6e2300be3663807991b55214e
- SSDEEP
  
  768:Gr5uUZspxANv1tsQ3rnyvENPSXNim7fWB:Gr5lCAdt3Ty8N+NE
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnet