General
-
Target
a.sh
-
Size
2KB
-
Sample
230428-tseghafb34
-
MD5
96356ee0827a85636db9ca1346673617
-
SHA1
eb0af33f1788f935b5c74f3bdb6151b336388851
-
SHA256
6ce6a09cc43b05563309bfee1e3aa77240e87ff28fc0340736eee93f4acd7ba2
-
SHA512
bb4efc748ba2439487b6d2a92a9639210e437ef41791bd10aadb6566d0c9b0db7ad5674548e50c1a169bd78de069bed22f96236f109e54fe09b89c7cff0a6c88
Static task
static1
Behavioral task
behavioral1
Sample
a.sh
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral2
Sample
a.sh
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral3
Sample
a.sh
Resource
debian9-mipsbe-en-20211208
Malware Config
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Targets
-
-
Target
a.sh
-
Size
2KB
-
MD5
96356ee0827a85636db9ca1346673617
-
SHA1
eb0af33f1788f935b5c74f3bdb6151b336388851
-
SHA256
6ce6a09cc43b05563309bfee1e3aa77240e87ff28fc0340736eee93f4acd7ba2
-
SHA512
bb4efc748ba2439487b6d2a92a9639210e437ef41791bd10aadb6566d0c9b0db7ad5674548e50c1a169bd78de069bed22f96236f109e54fe09b89c7cff0a6c88
-
Contacts a large (196247) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (198421) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (199728) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (2687) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Executes dropped EXE
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-