mirai | 951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed | Triage

Submit
Reports

Overview

overview

Static

static

1

951f2e24a8...7ed.sh

ubuntu-18.04-amd64

951f2e24a8...7ed.sh

debian-9-armhf

951f2e24a8...7ed.sh

debian-9-mips

951f2e24a8...7ed.sh

debian-9-mipsel

Sharing

General

Target

951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed.sh
Size

2KB
Sample

241110-c84mwsxgmk
MD5

f0daa2dd315e06f5d6dc4b15fa4cdea9
SHA1

23761746f0128a46fb08f77ba85047bf27402b32
SHA256

951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed
SHA512

c198adb63fc6f58d09fa2e34c34ab9b8da63b45d3536ee881a5ddb2c8bccf78fc0550f1863b3fc6e15574aca46ea460e70f75d9c182524448f92960f4768bfac

Score

10^/10

mirai lzrd antivm botnet defense_evasion discovery linux upx

Static task

static1

Behavioral task

behavioral1

Sample

951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed.sh

Resource

ubuntu1804-amd64-20240611-en

mirai lzrd botnet defense_evasion discovery upx

ubuntu-18.04-amd64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed.sh

Resource

debian9-armhf-20240418-en

mirai lzrd antivm botnet defense_evasion discovery upx

debian-9-armhf

12 signatures

150 seconds

Behavioral task

behavioral3

Sample

951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed.sh

Resource

debian9-mipsbe-20240418-en

mirai lzrd botnet defense_evasion discovery upx

debian-9-mips

11 signatures

150 seconds

Behavioral task

behavioral4

Sample

951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed.sh

Resource

debian9-mipsel-20240729-en

mirai lzrd botnet defense_evasion discovery upx

debian-9-mipsel

11 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed.sh
- Size
  
  2KB
- MD5
  
  f0daa2dd315e06f5d6dc4b15fa4cdea9
- SHA1
  
  23761746f0128a46fb08f77ba85047bf27402b32
- SHA256
  
  951f2e24a8f4c1102b1b8b707e3b5610e83f3a40f94c6b6fe6ba17e3ed33c7ed
- SHA512
  
  c198adb63fc6f58d09fa2e34c34ab9b8da63b45d3536ee881a5ddb2c8bccf78fc0550f1863b3fc6e15574aca46ea460e70f75d9c182524448f92960f4768bfac
Score

10^/10

mirai lzrd botnet defense_evasion discovery upx antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral2

mirailzrdantivmbotnetdefense_evasiondiscoveryupx

behavioral3

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral4

mirailzrdbotnetdefense_evasiondiscoveryupx

© 2018-2024

Terms | Privacy