General
-
Target
ohshit.sh
-
Size
3KB
-
Sample
241108-m3djmatlgl
-
MD5
8281612815eb8d5a616ebec1a6bc399a
-
SHA1
a1ece9fce74515d736aa68305699c03704893e1a
-
SHA256
50df560f3cb75408750afb75598ed64aa8720f9abf1d534ec72d715fa2a6db13
-
SHA512
b233746934d38f47a6b527c4d94ea6f3fda40bdf8ddf60b390d49a3a6a7220a657b1fcf3dcefb010fda509e8f23afe52e8e8ef17e14117c68e743233b0b8348f
Static task
static1
Behavioral task
behavioral1
Sample
ohshit.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ohshit.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ohshit.sh
Resource
debian9-mipsbe-20240418-en
Malware Config
Extracted
mirai
LZRD
Targets
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Impair Defenses (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)