General
-
Target
jaws.sh
-
Size
2KB
-
Sample
241103-ry56asxclk
-
MD5
a39430f0a72b7ca78b308b49dc968338
-
SHA1
dcc3efe2e6da2394ac5ef5d8a85207978cd3a554
-
SHA256
2d2b2aac5221caf1d6da72b569fa3ad2b4ecd5c2fd7784e64140261b5f921348
-
SHA512
4a20cc0c43770a295ecf2ecd28fa36d3c72eb2f55628c17d0f628c71e12add877621ea25a5724206848a00320bab4fe010ab60c157bd14b184e5b9ee839d147b
Malware Config
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Targets
-
-
Target
jaws.sh
-
Size
2KB
-
MD5
a39430f0a72b7ca78b308b49dc968338
-
SHA1
dcc3efe2e6da2394ac5ef5d8a85207978cd3a554
-
SHA256
2d2b2aac5221caf1d6da72b569fa3ad2b4ecd5c2fd7784e64140261b5f921348
-
SHA512
4a20cc0c43770a295ecf2ecd28fa36d3c72eb2f55628c17d0f628c71e12add877621ea25a5724206848a00320bab4fe010ab60c157bd14b184e5b9ee839d147b
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (47531) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1