Extracted

Extracted

Extracted

• • Target

    92db80ff0a69312f362597f8b92ce9e6259384338e67d246f87549dbbae8597e.sh

  • Size

    4KB

  • MD5

    ab9ca96b70ab2766af19b4f66ca51983

  • SHA1

    408dd59c1315ef7a8e4f24a1ba88f37e4a81afb4

  • SHA256

    92db80ff0a69312f362597f8b92ce9e6259384338e67d246f87549dbbae8597e

  • SHA512

    de536cc21e3801d8eadd752a01023966d0508b0511b212f5c3d98636c764b27cb15c8fab6141104f1613b997e7d6d4ee6b230f1ea4a1e534c044082304c0d54a

  • SSDEEP

    96:vNVj8Nw4fNx/gNN7UNdMdEpFlNn9iNUsTN2mRNRfQN3tqNuehNyS9NGWpNPll:oO4FK

  Score

  10^/10

  miraiunstablebotnetdefense_evasiondiscoveryupxantivm

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (214278) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2behavioral3behavioral4