mirai | c930c9cb86afa77d4f0ccee8e6db3dc45f7ec19d65ef91324ee6323304a9d848 | Triage

Sharing

General

Target

c930c9cb86afa77d4f0ccee8e6db3dc45f7ec19d65ef91324ee6323304a9d848.sh
Size

2KB
Sample

240919-b6q4cavbkh
MD5

4a893c8353bab065303d261e80d3eaa4
SHA1

eba1f6ee2352f61f1f7a900c7c81627392ede189
SHA256

c930c9cb86afa77d4f0ccee8e6db3dc45f7ec19d65ef91324ee6323304a9d848
SHA512

d53e6bec33758285fd800579832ceace3cca32c4fb10517f933a875b7a1de067368d436847865797bfdcd63e0e7d1f6a11f1966fe7b2380d72a03c27370d8102

Score

10^/10

mirai lzrd antivm botnet defense_evasion discovery linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  c930c9cb86afa77d4f0ccee8e6db3dc45f7ec19d65ef91324ee6323304a9d848.sh
- Size
  
  2KB
- MD5
  
  4a893c8353bab065303d261e80d3eaa4
- SHA1
  
  eba1f6ee2352f61f1f7a900c7c81627392ede189
- SHA256
  
  c930c9cb86afa77d4f0ccee8e6db3dc45f7ec19d65ef91324ee6323304a9d848
- SHA512
  
  d53e6bec33758285fd800579832ceace3cca32c4fb10517f933a875b7a1de067368d436847865797bfdcd63e0e7d1f6a11f1966fe7b2380d72a03c27370d8102
Score

10^/10

mirai lzrd botnet defense_evasion discovery upx antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral2

mirailzrdantivmbotnetdefense_evasiondiscoveryupx

behavioral3

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral4

mirailzrdbotnetdefense_evasiondiscoveryupx