General
Target: 8UsA1.sh
Size: 1KB
Sample: 230520-fn2vcadc7z
MD5: 3385ae29de3f9f150941b97583070ca3
SHA1: e2ca62dcf76569a21b539ce4db0cc47839ea9b3b
SHA256: fe3f66824c6ddfd6bd62c9eef9441c6dd305c7109dc6118b155cd3ea14ad1ad5
SHA512: 2640aed20bfa2ee946f940dc833d140f82e52ad51dafff73d0796404af82ee14da77085c4818d1dbeb1f6c5e0091ceaaa20aae565afb469e00a9c5c717e47553
Static task: static1
Behavioral task: behavioral1
Sample: 8UsA1.sh
Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral2
Sample: 8UsA1.sh
Resource: debian9-armhf-20221111-en
Behavioral task: behavioral3
Sample: 8UsA1.sh
Resource: debian9-mipsbe-en-20211208
Malware Config
Targets
-
-
Target
8UsA1.sh
-
Detected Echobot
-
Contacts a large number (121119) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large number (144022) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large number (341938) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large number (388487) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-