General

  • Target

    379db9c6b0007495f546f40e4f5ac4a5e2d2390e7b38e51d5c8217cb6406007e.sh

  • Size

    8KB

  • Sample

    240906-bh7fesycna

  • MD5

    5b440bc26f1a7690e6c29bcd1e0a00d0

  • SHA1

    c6523a2f450568a3f4eefedcf6c137258737e8c5

  • SHA256

    379db9c6b0007495f546f40e4f5ac4a5e2d2390e7b38e51d5c8217cb6406007e

  • SHA512

    f10d45e2b6c8bdd5c7ec016a3c15945ae3cf371f0479b9169003a6490f427ef538fffe051b8db7989e8e8c999fa13eaf5e61b87bc8a86d42155e47a726b57357

  • SSDEEP

    192:RE+PUcCX7X6XBXQXHXOX9XEX9XxX0XgXoXJ3iqbqaqhqwqnquqdqkqdqRqUqAqIV:TY

Malware Config

  • Extracted

    Family: mirai
    Botnet: MIRAI
    C2: www.india-scam-call-center.pw, www.akck.ru, 45.152.112.46

  • Extracted

    Family: mirai
    Botnet: MIRAI
    C2: www.india-scam-call-center.pw, 45.152.112.46

  • Extracted

    Family: mirai
    Botnet: MIRAI
    C2: www.india-scam-call-center.pw, www.akck.ru

Targets

    • Target

      379db9c6b0007495f546f40e4f5ac4a5e2d2390e7b38e51d5c8217cb6406007e.sh

    • Size

      8KB

    • MD5

      5b440bc26f1a7690e6c29bcd1e0a00d0

    • SHA1

      c6523a2f450568a3f4eefedcf6c137258737e8c5

    • SHA256

      379db9c6b0007495f546f40e4f5ac4a5e2d2390e7b38e51d5c8217cb6406007e

    • SHA512

      f10d45e2b6c8bdd5c7ec016a3c15945ae3cf371f0479b9169003a6490f427ef538fffe051b8db7989e8e8c999fa13eaf5e61b87bc8a86d42155e47a726b57357

    • SSDEEP

      192:RE+PUcCX7X6XBXQXHXOX9XEX9XxX0XgXoXJ3iqbqaqhqwqnquqdqkqdqRqUqAqIV:TY

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (47504) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks