General
-
Target
jewn.sh
-
Size
1KB
-
Sample
240901-nyqttszfkh
-
MD5
1be2b13404075df516523651fa37d6ab
-
SHA1
3a4d59a4bcfa3fd37fd5502b1f6534e8e3e9c454
-
SHA256
ed5b1c0bbab80f76aaacf54e294b617e6d6d8eb1d6d5c6cf535f0f6edc1d4af6
-
SHA512
3d71c976c222c1810b4074ccb4f77ad405417c3b01cf7f5e574cc6a856db9147bf2c4848ade2a239c2087e18522e89f8d5ea9f01eb9cc114d4de53ff96309a24
Static task
static1
Behavioral task
behavioral1
Sample
jewn.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
jewn.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
jewn.sh
Resource
debian9-mipsbe-20240611-en
Malware Config
Extracted
mirai
KURC
Extracted
mirai
KURC
Extracted
mirai
KURC
Targets
-
-
Target
jewn.sh
-
Contacts a large number (53353) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to system bin folder
-