General
-
Target
8UsA.sh
-
Size
1KB
-
Sample
240826-pat21stgrl
-
MD5
9b83b3d2a111fbf5d320d605df834e04
-
SHA1
fe2c26a894a54467e845ee642fb56b2ba95ce305
-
SHA256
8c32bdf07e8b2459a7ddaf50fb667da6901713d8d22f18a52bf9b96a024ef426
-
SHA512
2442c053813b4454737029233cb724694a8788e5b2e1441cc865d66f384d5f90bf5604071fafa297820e759e364300d2a971012ae491381d81725dd197928fc3
Static task
static1
Behavioral task
behavioral1
Sample
8UsA.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
8UsA.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
8UsA.sh
Resource
debian9-mipsbe-20240418-en
Malware Config
Extracted
mirai
JOSHO
Extracted
mirai
JOSHO
Extracted
mirai
JOSHO
Targets
-
-
Target
8UsA.sh
-
Size
1KB
-
MD5
9b83b3d2a111fbf5d320d605df834e04
-
SHA1
fe2c26a894a54467e845ee642fb56b2ba95ce305
-
SHA256
8c32bdf07e8b2459a7ddaf50fb667da6901713d8d22f18a52bf9b96a024ef426
-
SHA512
2442c053813b4454737029233cb724694a8788e5b2e1441cc865d66f384d5f90bf5604071fafa297820e759e364300d2a971012ae491381d81725dd197928fc3
-
Contacts a large (2056) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-