General

  • Target

    7bad123032a0e9a4f6d7a399b7d7a171c24f505201186d679ca495ba936195bd.sh

  • Size

    916B

  • Sample

    241110-c398gsxgrc

  • MD5

    19c4fe1b103747e55af818fc3f07fdbe

  • SHA1

    ccb4350c6ce8bb9449a9dc5dfa4910762d1d9fe8

  • SHA256

    7bad123032a0e9a4f6d7a399b7d7a171c24f505201186d679ca495ba936195bd

  • SHA512

    2d3f697da5886721e51cbc720a77c9c755027d361a7e139de80be1ee5c2dd1c76a20d3c33fb32177a5318400fbec36555c93cd9b860e398b5b1fd73e3c5fa270

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks