General
Target: Pandora.sh
Size: 1KB
Sample: 230505-taf8dabd27
MD5: 2ee1634f94b542051d04f8d1faf225ff
SHA1: 5300cf1316226fad2d58cd03d942c13f40b7328f
SHA256: da09e2e35ee13411a6ae582d331dd3dab910e94c686faccddf8c8d8bf5d842c8
SHA512: 65323f720e3e20b384d6490631d512e49521232e52dc956489a771652e9bf559b6f2c8c1a7607498868b3b617f6ab58042b99e59d1dd76d81efb79e8a0af6bd1
Static task: static1
Behavioral task: behavioral1
  Sample: Pandora.sh
  Resource: ubuntu1804-amd64-20221111-en
Behavioral task: behavioral2
  Sample: Pandora.sh
  Resource: debian9-armhf-20221125-en
Behavioral task: behavioral3
  Sample: Pandora.sh
  Resource: debian9-mipsbe-en-20211208
Malware Config
Extracted: mirai (LZRD)
Extracted: mirai (LZRD)
Targets
Target: Pandora.sh
- Contacts a large (280633) number of remote hosts: this may indicate a network scan to discover remotely running services.
- Contacts a large (580963) number of remote hosts: this may indicate a network scan to discover remotely running services.
- Contacts a large (610734) number of remote hosts: this may indicate a network scan to discover remotely running services.
- Contacts a large (658251) number of remote hosts: this may indicate a network scan to discover remotely running services.
- Creates a large number of network flows: this may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon: malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
- Enumerates active TCP sockets: gets active TCP sockets from the /proc virtual filesystem.
- Executes dropped EXE
- Reads system network configuration: uses the contents of the /proc filesystem to enumerate network settings.
- Reads runtime system information: reads data from the /proc virtual filesystem.
- Writes file to tmp directory: malware often drops required files in the /tmp directory.