General

  • Target

    2a51a31d68eb4fa02088756ceaff39ae3a7e78768fcc48cb9f81c67207be1d92.sh

  • Size

    2KB

  • Sample

    241110-cm3tgaxdre

  • MD5

    2429f698cf97fe571bd6fdc423c2925c

  • SHA1

    6a16632e6d5e903b94aac179a258f3ec5452881e

  • SHA256

    2a51a31d68eb4fa02088756ceaff39ae3a7e78768fcc48cb9f81c67207be1d92

  • SHA512

    9d351efd9ed6bfe34481ca2d23e9f482b68351900fe9c0a756b572a71c6af98c0c1633d198e45ec926ec2fa25aa3448f19f13cb2d7cf87e4203e07927f0fe5f3

Malware Config

Extracted

Family

mirai

Botnet

OWARI

C2

cnc.carteldesinaloa.ru

Targets

    • Target

      2a51a31d68eb4fa02088756ceaff39ae3a7e78768fcc48cb9f81c67207be1d92.sh

    • Size

      2KB

    • MD5

      2429f698cf97fe571bd6fdc423c2925c

    • SHA1

      6a16632e6d5e903b94aac179a258f3ec5452881e

    • SHA256

      2a51a31d68eb4fa02088756ceaff39ae3a7e78768fcc48cb9f81c67207be1d92

    • SHA512

      9d351efd9ed6bfe34481ca2d23e9f482b68351900fe9c0a756b572a71c6af98c0c1633d198e45ec926ec2fa25aa3448f19f13cb2d7cf87e4203e07927f0fe5f3

    • Mirai

      Mirai is a prevalent Linux malware family that infects exposed network devices (routers, IP cameras, DVRs), typically by logging in over telnet with factory-default credentials.

    • Mirai family

    • Contacts a large number (91474) of remote hosts

      This may indicate a network scan to discover remotely running services. Mirai's built-in scanner probes TCP/23 and TCP/2323 (telnet) on random addresses looking for weak credentials, so a flow count this high against a single pair of ports is characteristic of an active bot rather than legitimate traffic.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses. For a Mirai downloader script this is typically a chmod on the fetched payload so that it can be executed.

    • Modifies Watchdog functionality

      Malware such as Mirai disables the hardware watchdog (opening /dev/watchdog or /dev/misc/watchdog and issuing WDIOC_SETOPTIONS with WDIOS_DISABLECARD) so that the device is not rebooted; a reboot would clear the memory-resident bot.

    • Enumerates running processes

      Discovers information about currently running processes on the system, which Mirai uses to find and kill competing bots and services bound to the ports it wants.
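The two behaviours above that are easiest to detect from telemetry are the scanning (many distinct hosts, very few ports) and the watchdog tampering (open of a watchdog device followed by WDIOC_SETOPTIONS/WDIOS_DISABLECARD). The following is an added example, not code from the sandbox report or from Mirai itself; it runs both checks over constructed flow records and constructed strace-style syscall lines embedded inline. The thresholds (50 distinct hosts, at most 3 ports) and the exact trace line format are assumptions for illustration.

```python
"""Added example: detect Mirai-style scanning and watchdog tampering
from constructed telemetry. Not part of the sandbox report."""
import re
from collections import defaultdict

# Constructed Zeek-style flow records: (src, dst, dport, proto).
# 10.0.0.7 plays the infected device, 10.0.0.20 a normal client.
FLOWS = (
    [("10.0.0.7", "198.51.100.%d" % i, 23, "tcp") for i in range(1, 91)]
    + [("10.0.0.7", "203.0.113.%d" % i, 2323, "tcp") for i in range(1, 11)]
    + [
        ("10.0.0.20", "192.0.2.10", 443, "tcp"),
        ("10.0.0.20", "192.0.2.11", 443, "tcp"),
        ("10.0.0.20", "192.0.2.10", 443, "tcp"),
    ]
)


def find_scanners(flows, host_threshold=50, max_ports=3):
    """Return {src: (distinct_dst_count, sorted_ports)} for sources that
    contact at least host_threshold distinct hosts on at most max_ports
    destination ports, i.e. a horizontal scan. Thresholds are assumptions;
    the report's figure of 91474 hosts is far above either."""
    dsts = defaultdict(set)
    ports = defaultdict(set)
    for src, dst, dport, _proto in flows:
        dsts[src].add(dst)
        ports[src].add(dport)
    return {
        src: (len(hosts), sorted(ports[src]))
        for src, hosts in dsts.items()
        if len(hosts) >= host_threshold and len(ports[src]) <= max_ports
    }


# Constructed strace-style syscall lines (not a real capture). Mirai opens the
# watchdog device and disables it; WDIOC_SETOPTIONS is 0x80045704 on Linux
# and WDIOS_DISABLECARD is 1, which is how the raw ioctl appears when strace
# does not decode it.
TRACE = [
    'openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3',
    'ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0',
    'close(3) = 0',
    'openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 4',
    'ioctl(4, TCGETS, 0x7ffc) = -1 ENOTTY (Inappropriate ioctl for device)',
]

WATCHDOG_PATHS = ("/dev/watchdog", "/dev/misc/watchdog")
_OPEN_RE = re.compile(r'open(?:at)?\(.*?"([^"]+)".*?\)\s*=\s*(\d+)')
_IOCTL_RE = re.compile(
    r'ioctl\((\d+),\s*(?:WDIOC_SETOPTIONS|0x80045704),\s*\[?(?:WDIOS_DISABLECARD|1)\]?'
)


def find_watchdog_tamper(lines):
    """Return the watchdog device path if a line opens it and a later ioctl
    on the same fd disables the card, else None. Tracks fds so an ioctl on
    an unrelated descriptor is not flagged."""
    wd_fds = {}
    for line in lines:
        m = _OPEN_RE.match(line)
        if m:
            if m.group(1) in WATCHDOG_PATHS:
                wd_fds[m.group(2)] = m.group(1)
            continue
        if line.startswith("close("):
            wd_fds.pop(line[6:].split(")")[0], None)
            continue
        m = _IOCTL_RE.match(line)
        if m and m.group(1) in wd_fds:
            return wd_fds[m.group(1)]
    return None


if __name__ == "__main__":
    print("scanners:", find_scanners(FLOWS))
    print("watchdog tampered:", find_watchdog_tamper(TRACE))
```

Both checks are deliberately cheap: the scan heuristic only needs per-source distinct-host and distinct-port sets, so it can run over a conn.log in one pass, and the watchdog check needs fd tracking only because the ioctl line alone does not say which device it targets.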

MITRE ATT&CK Enterprise v15

Tasks