General
-
Target
tplink.sh
-
Size
827B
-
Sample
240821-wcvvnawajr
-
MD5
503a6790064c0d8afb7220d7ff4d559d
-
SHA1
c00a805062e7a6274dde96063d42065ba2286085
-
SHA256
f495ac84e4181503f0e6e4e21728a0cb82c7e9a3f6e1e54741f6eaf589aea82e
-
SHA512
6c7ab7e8cf0b5b07b1c9cae94e4631e3fab493366d80d9946ba75a11897d8dfe658dcd96fd26d04c3b85a87786aa0656293e331a2b436b018547634c0dd45e37
Static task
static1
Behavioral task
behavioral1
Sample
tplink.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
tplink.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
tplink.sh
Resource
debian9-mipsbe-20240611-en
Malware Config
Extracted
mirai
really.idoingitagain.space
Targets
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-