Extracted

Extracted

Extracted

• • Target

    2521824d3c961493376afe44a83b2f2c0c413da620671aeef642024213194b20.sh

  • Size

    4KB

  • MD5

    5c6503e384afa4d121f7cf871bb3e4a2

  • SHA1

    c7339a2f6aee5906171bb9c8f2437304abbce793

  • SHA256

    2521824d3c961493376afe44a83b2f2c0c413da620671aeef642024213194b20

  • SHA512

    6a9c53dba30867099865c24f5394deefd616a5a3dd63e5193592fb7700d5c547258929f81b62cfbc698d4f0dbde7701077b75e9c721e8d7de24e05fef119a038

  • SSDEEP

    96:vNVjdNw4ENx/pNN7VNdMdEpFGNn9vNUswN2maNRfZN3t3NueqNySeNGWyNPlk:UO4Fk

  Score

  10^/10

  miraiunstablebotnetdefense_evasiondiscoveryupxantivm

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (224655) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2behavioral3behavioral4