General

  • Target

    R0I24_na.sh

  • Size

    4KB

  • Sample

    241017-h1vynsxbne

  • MD5

    d97f217a1dad90ac2a811c2684010888

  • SHA1

    7aedac430643630d8d80e361279e85bf4a583679

  • SHA256

    81a013dd15f6f42dc9b2f72ebfc7b5ecbc3be11b6e7777618bc500fa910102f3

  • SHA512

    a98fe8d2822b641beaa27829c6e393974f666bdc502e459ed0e4e27f1213178fe92938960edcf81d4bcc30f7c0aec157dc353f34fb2652bff4c6a75996ac337f

  • SSDEEP

    96:vNVjkNw4tNx/oNN7sNdMdEpF7Nn9qNUsBN2mnNRf4N3tiNueXNySjNGWvNPl9:GO4Fk

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Target

      R0I24_na.sh

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (222274) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
