General

  • Target

    jewn.sh

  • Size

    1KB

  • Sample

    240901-nyqttszfkh

  • MD5

    1be2b13404075df516523651fa37d6ab

  • SHA1

    3a4d59a4bcfa3fd37fd5502b1f6534e8e3e9c454

  • SHA256

    ed5b1c0bbab80f76aaacf54e294b617e6d6d8eb1d6d5c6cf535f0f6edc1d4af6

  • SHA512

    3d71c976c222c1810b4074ccb4f77ad405417c3b01cf7f5e574cc6a856db9147bf2c4848ade2a239c2087e18522e89f8d5ea9f01eb9cc114d4de53ff96309a24

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (53353) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15