General
Target: aws.sh
Size: 2KB
Sample: 241103-ry56asxclj
MD5: b9ea41c0744886c9aa436d2560a56f9d
SHA1: eab007c33f66384f237c3385f56ad11522778fcd
SHA256: 03f69bcb2f4e202c7372cf932d65338255201439fe776cd8ac8a9632065555bf
SHA512: 767eafb58db47b959fa25019f2ecb7bc93d983e84fee08303918b36b9c0034b2675dd6751b66dcf990a80018ae48c25c5789502b385e668cc2b6f96d2dd41889
Static task: static1
Behavioral task: behavioral1
Sample: aws.sh
Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral2
Sample: aws.sh
Resource: debian9-armhf-20240418-en
Behavioral task: behavioral3
Sample: aws.sh
Resource: debian9-mipsbe-20240611-en
Malware Config
Extracted
mirai
SORA
Targets
Target
aws.sh
-
Mirai family
-
Contacts a large (34714) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Impair Defenses: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1