Overview

overview

10

Static

static

1

220d36bded...a0c.sh

ubuntu-18.04-amd64

10

220d36bded...a0c.sh

debian-9-armhf

10

220d36bded...a0c.sh

debian-9-mips

10

220d36bded...a0c.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    220d36bded88e96516faa4ccdd36e291ad8a7639f36d51e2a3f18098f14f7a0c.sh

  • Size

    4KB

  • Sample

    241018-bpfahs1apm

  • MD5

    80299ebce287b053ec82cff873ddf3b4

  • SHA1

    1cf8df1f0b5e0903ac1a103e4acee85a5f0d6e00

  • SHA256

    220d36bded88e96516faa4ccdd36e291ad8a7639f36d51e2a3f18098f14f7a0c

  • SHA512

    0f48a97903275e97c681719d763775f5a3817b7d1c40ef475d9e444b1fea5d2f1036237b676ff2d22446f80a9ee882d7f738dbd1f17d8c677082d0a63ffc86f6

  • SSDEEP

    96:vNVjNNw4gNx/5NN7lNdMdEpFyNn9/NUssN2mmNRfpN3tnNue2NySqNGWeNPl0:YO4Fs

Score
10/10
miraiunstableantivmbotnetdefense_evasiondiscoverylinuxupx

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Extracted

Family

mirai

Botnet

UNSTABLE

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Target

      220d36bded88e96516faa4ccdd36e291ad8a7639f36d51e2a3f18098f14f7a0c.sh

    • Size

      4KB

    • MD5

      80299ebce287b053ec82cff873ddf3b4

    • SHA1

      1cf8df1f0b5e0903ac1a103e4acee85a5f0d6e00

    • SHA256

      220d36bded88e96516faa4ccdd36e291ad8a7639f36d51e2a3f18098f14f7a0c

    • SHA512

      0f48a97903275e97c681719d763775f5a3817b7d1c40ef475d9e444b1fea5d2f1036237b676ff2d22446f80a9ee882d7f738dbd1f17d8c677082d0a63ffc86f6

    • SSDEEP

      96:vNVjNNw4gNx/5NN7lNdMdEpFyNn9/NUssN2mmNRfpN3tnNue2NySqNGWeNPl0:YO4Fs

    Score
    10/10
    miraiunstablebotnetdefense_evasiondiscoveryupxantivm

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Contacts a large (211384) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

      discovery

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks