General
Target: D.sh
Size: 1KB
Sample: 230430-p9d5vahg33
MD5: e41b9523a8373b79498bef2473723adf
SHA1: bd468f9718ef86d34c88552dd01464f85e8e2ee5
SHA256: 27304700dc53d71505aa6d32165fe6142f3e6173effcd08a84255a3eae40788e
SHA512: 0b933fcf0f8a24ffd62431f47469529fce2170307777a632d74af893902af3ba60a14076a74874354c7667b39e5ebf37a2f6f1e9d145599d22c2fbbb03f31476
Static task: static1
Behavioral task: behavioral1
Sample: D.sh
Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral2
Sample: D.sh
Resource: debian9-armhf-20221111-en
Behavioral task: behavioral3
Sample: D.sh
Resource: debian9-mipsbe-en-20211208
Malware Config
Extracted
mirai
LZRD
Targets
Target: D.sh
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Writes file to system bin folder
-
Executes dropped EXE
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-