General

  • Target

    8UsA.sh

  • Size

    1KB

  • Sample

    240826-pat21stgrl

  • MD5

    9b83b3d2a111fbf5d320d605df834e04

  • SHA1

    fe2c26a894a54467e845ee642fb56b2ba95ce305

  • SHA256

    8c32bdf07e8b2459a7ddaf50fb667da6901713d8d22f18a52bf9b96a024ef426

  • SHA512

    2442c053813b4454737029233cb724694a8788e5b2e1441cc865d66f384d5f90bf5604071fafa297820e759e364300d2a971012ae491381d81725dd197928fc3

Malware Config

Extracted

Family

mirai

Botnet

JOSHO

Targets

    • Target

      8UsA.sh

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (2056) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.
