General

  • Target

    boatnet.arm6.elf

  • Size

    27KB

  • Sample

    241220-2cvsjswmbm

  • MD5

    8ff041ba09feed9a3c5e3de84ef62682

  • SHA1

    944e4efff2d90d1e98cdb37d24a0e712dae21e21

  • SHA256

    50a6d31700ca94be0158dc8bda60b51446c70634825143a91817713dfcd6543b

  • SHA512

    210fb35b64baa4957573a57a91d6af6800db6acd1ba9a073c370d32047868e93f3899546bf2f0218d48897a35d6e82e90c5723a880b7bb7925d21cb9b64c836b

  • SSDEEP

    768:mZ5DJvjb5M8CqaV9Yr67ie+8KEnpgwkChgJo2Kl9q3UELW:qNJvpvCqu9YrTePCCh+LW

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    LZRD

Targets

    • Target

      boatnet.arm6.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder
