Overview

overview

10

Static

static

1

8f282fdba3...951.sh

ubuntu-18.04-amd64

10

8f282fdba3...951.sh

debian-9-armhf

10

8f282fdba3...951.sh

debian-9-mips

10

8f282fdba3...951.sh

debian-9-mipsel

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8f282fdba3396dacff6fd450b67ba529470a75d56082363c5066d26157ea8951.sh

  • Size

    4KB

  • Sample

    241018-cmvg4atdnr

  • MD5

    771703a785cd0e135c60b85420e7f602

  • SHA1

    46baa847c38588d32bc0df8828e9fdcaca9db42b

  • SHA256

    8f282fdba3396dacff6fd450b67ba529470a75d56082363c5066d26157ea8951

  • SHA512

    e2c634de7e6578a893312750dda48b2f0350cad53cfdcee5e964e47c47e70623dbb22cebb27c28bc4013b76d0d55c30ad47025c2ab23c3d27b5983d3021de717

  • SSDEEP

    96:vNVju4Nw474Nx/i4NN7G4NdMdEpFF4Nn9o4NUsv4N2mB4NRfS4N3tw4NueR4NySS:6mlzuO4FFvGoV1gUYZb

Score
10/10
miraiunstableantivmbotnetdefense_evasiondiscoverylinuxupx

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Extracted

Family

mirai

Botnet

UNSTABLE

Extracted

Family

mirai

Botnet

UNSTABLE

Targets

    • Target

      8f282fdba3396dacff6fd450b67ba529470a75d56082363c5066d26157ea8951.sh

    • Size

      4KB

    • MD5

      771703a785cd0e135c60b85420e7f602

    • SHA1

      46baa847c38588d32bc0df8828e9fdcaca9db42b

    • SHA256

      8f282fdba3396dacff6fd450b67ba529470a75d56082363c5066d26157ea8951

    • SHA512

      e2c634de7e6578a893312750dda48b2f0350cad53cfdcee5e964e47c47e70623dbb22cebb27c28bc4013b76d0d55c30ad47025c2ab23c3d27b5983d3021de717

    • SSDEEP

      96:vNVju4Nw474Nx/i4NN7G4NdMdEpFF4Nn9o4NUsv4N2mB4NRfS4N3tw4NueR4NySS:6mlzuO4FFvGoV1gUYZb

    Score
    10/10
    miraiunstablebotnetdefense_evasiondiscoveryupxantivm

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Contacts a large (212800) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

      defense_evasion

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

      discovery

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks