General

  • Target

    l.sh

  • Size

    923B

  • Sample

    241108-rrt5fstepb

  • MD5

    c44320dbe100363da4345e4178ae215b

  • SHA1

    8f1d681128e497630d514fc35178f1df23944cdf

  • SHA256

    486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8

  • SHA512

    1b87937c66d8ab4bfc5f51b7b5139c6132a4d4087a432ba4323f2ca3f3a6214ccc8d5d1434cb338f73c76180d47712919aecc3c04fc9d851d326ea14a6b1baff

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    BOTNET

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large number (257164) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks