General
-
Target
88279.sh
-
Size
3KB
-
Sample
230524-qs6n7sdb5z
-
MD5
f9f1dc6b21e27de069f7da0c4f6cae49
-
SHA1
6e84e766467fb968e6ca33a0a29d31dfc65e658d
-
SHA256
9c9a5b183fc64da7ca2e1cda3fd74349b48584e07da9794a906a9c5a4d57136b
-
SHA512
a1e1080ec76455daae11e732eb582bdfd502d5ffbdd743208178438c4958338de52d0a441c11abcc8f80e582c6949052d0349ff7528993134f445b6cb8292de1
Static task
static1
Behavioral task
behavioral1
Sample
88279.sh
Resource
ubuntu1804-amd64-20221125-en
Behavioral task
behavioral2
Sample
88279.sh
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral3
Sample
88279.sh
Resource
debian9-mipsbe-en-20211208
Malware Config
Targets
-
-
Target
88279.sh
-
Contacts a large (1267190) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (569255) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (857159) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (94784) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-