Extracted

Extracted

Extracted

• • Target

    ffabeb97e0ed60b65786ad46f48679f7b45e3bb50f5b9a937eddddab9a9f4dfc.sh

  • Size

    4KB

  • MD5

    9e33609615c907d5f42d4b5f7924c8ff

  • SHA1

    f306070b4ac0aaedcb98f44d8e8cb7349b063c06

  • SHA256

    ffabeb97e0ed60b65786ad46f48679f7b45e3bb50f5b9a937eddddab9a9f4dfc

  • SHA512

    159addae1f8f6f57da716bec85c9f0f27287df8788a6fa9c0b686117067479251a2fa051c83be605be14911788e5f5476f6cf827c7bc2548f5734e8d42a42c9a

  • SSDEEP

    96:vNVj+Nw4RNx/6NN7GNdMdEpFLNn9YNUs9N2mPNRfKN3tQNue/NySzNGW3NPlL:MO4Fm

  Score

  10^/10

  miraiunstablebotnetdefense_evasiondiscoveryupxantivm

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (189080) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2behavioral3behavioral4