General

  • Target

    ohshit.sh

  • Size

    3KB

  • Sample

    241108-m3djmatlgl

  • MD5

    8281612815eb8d5a616ebec1a6bc399a

  • SHA1

    a1ece9fce74515d736aa68305699c03704893e1a

  • SHA256

    50df560f3cb75408750afb75598ed64aa8720f9abf1d534ec72d715fa2a6db13

  • SHA512

    b233746934d38f47a6b527c4d94ea6f3fda40bdf8ddf60b390d49a3a6a7220a657b1fcf3dcefb010fda509e8f23afe52e8e8ef17e14117c68e743233b0b8348f

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks