General
Target: 486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8.sh
Size: 923B
Sample: 241109-c19tyavket
MD5: c44320dbe100363da4345e4178ae215b
SHA1: 8f1d681128e497630d514fc35178f1df23944cdf
SHA256: 486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8
SHA512: 1b87937c66d8ab4bfc5f51b7b5139c6132a4d4087a432ba4323f2ca3f3a6214ccc8d5d1434cb338f73c76180d47712919aecc3c04fc9d851d326ea14a6b1baff
Static task: static1

Behavioral task: behavioral1
Sample: 486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8.sh
Resource: ubuntu1804-amd64-20240508-en

Behavioral task: behavioral2
Sample: 486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8.sh
Resource: debian9-armhf-20240611-en

Behavioral task: behavioral3
Sample: 486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8.sh
Resource: debian9-mipsbe-20240611-en

Behavioral task: behavioral4
Sample: 486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8.sh
Resource: debian9-mipsel-20240729-en
Malware Config
Extracted
mirai
BOTNET
Targets
Target: 486bb184414a6bb37263ea568512e122fc35071a14edc1a0897e228ed98070c8.sh
Mirai family

File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.

Executes dropped EXE

Renames itself

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.