General

  • Target

    ohshit.sh

  • Size

    2KB

  • Sample

    241108-jdjgssydrj

  • MD5

    bb0436e9b800f11fde4abd3cd6602543

  • SHA1

    1f5e046c4d4308ac209363af8a25e502c5375fb6

  • SHA256

    a670e300522e3ebcb86a208a42eb1fc1d0148d756c9d271270ae27513a484a0e

  • SHA512

    55722911c5dbdd35701406a43766907ce318dedff6e860991176cec5a59b562ed80865fdeff94d6c34ae7b596e75b388441c8e684589ddc2fadd973483d62d10

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    LZRD


Targets

    • Target

      ohshit.sh

    • Size

      2KB

    • MD5

      bb0436e9b800f11fde4abd3cd6602543

    • SHA1

      1f5e046c4d4308ac209363af8a25e502c5375fb6

    • SHA256

      a670e300522e3ebcb86a208a42eb1fc1d0148d756c9d271270ae27513a484a0e

    • SHA512

      55722911c5dbdd35701406a43766907ce318dedff6e860991176cec5a59b562ed80865fdeff94d6c34ae7b596e75b388441c8e684589ddc2fadd973483d62d10

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks