General
-
Target
ohshit.sh
-
Size
2KB
-
Sample
241108-jdjgssydrj
-
MD5
bb0436e9b800f11fde4abd3cd6602543
-
SHA1
1f5e046c4d4308ac209363af8a25e502c5375fb6
-
SHA256
a670e300522e3ebcb86a208a42eb1fc1d0148d756c9d271270ae27513a484a0e
-
SHA512
55722911c5dbdd35701406a43766907ce318dedff6e860991176cec5a59b562ed80865fdeff94d6c34ae7b596e75b388441c8e684589ddc2fadd973483d62d10
Static task
static1
Behavioral task
behavioral1
Sample
ohshit.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ohshit.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ohshit.sh
Resource
debian9-mipsbe-20240418-en
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
ohshit.sh
-
Size
2KB
-
MD5
bb0436e9b800f11fde4abd3cd6602543
-
SHA1
1f5e046c4d4308ac209363af8a25e502c5375fb6
-
SHA256
a670e300522e3ebcb86a208a42eb1fc1d0148d756c9d271270ae27513a484a0e
-
SHA512
55722911c5dbdd35701406a43766907ce318dedff6e860991176cec5a59b562ed80865fdeff94d6c34ae7b596e75b388441c8e684589ddc2fadd973483d62d10
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1