mirai | 19d701781a24a57e13181d054c7f3a70d3e205ad72be89fd29dcfa3084e5e396 | Triage

Sharing

General

Target

ohshit.sh
Size

2KB
Sample

250103-nqkb3s1mhw
MD5

dfb20882adc5a8a441e05549d24a2888
SHA1

9cad12bea5d7cdf2c78c5a00b308f25923c59218
SHA256

19d701781a24a57e13181d054c7f3a70d3e205ad72be89fd29dcfa3084e5e396
SHA512

63ff945d55e5560f99d75c99656b03d1ef70a50900c3c8fcb93fa13d63540c11ba14585c78c202ace742fc924f75f01c4acf43141ff1f1f700ad10c8d72f4bb2

Score

10^/10

mirai lzrd antivm botnet defense_evasion discovery linux upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  ohshit.sh
- Size
  
  2KB
- MD5
  
  dfb20882adc5a8a441e05549d24a2888
- SHA1
  
  9cad12bea5d7cdf2c78c5a00b308f25923c59218
- SHA256
  
  19d701781a24a57e13181d054c7f3a70d3e205ad72be89fd29dcfa3084e5e396
- SHA512
  
  63ff945d55e5560f99d75c99656b03d1ef70a50900c3c8fcb93fa13d63540c11ba14585c78c202ace742fc924f75f01c4acf43141ff1f1f700ad10c8d72f4bb2
Score

10^/10

mirai lzrd botnet defense_evasion discovery upx antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral2

mirailzrdantivmbotnetdefense_evasiondiscoveryupx

behavioral3

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral4

mirailzrdbotnetdefense_evasiondiscoveryupx