General
Target: l.sh
Size: 1023B
Sample: 241110-glahratqbk
MD5: 7b22ddce7c0508d0c94f66a94e9d9887
SHA1: 0bef0450a7e94c9f777bbf710206a59f847c97d1
SHA256: a909843aac250b8580f42dadcb806cd38a1157f96e2b93f8d94d7c3db9f9d2cb
SHA512: 8d61940e6ecbbeff466eaac7c63fb0ec0531970ea1b0a08994b467137435b4d95c0f610e5a61fd31538bbc63561cba92ebee2d2d9aa22a5542c747bfb04c8c61
Static task: static1
Behavioral task: behavioral1
Sample: l.sh
Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
Sample: l.sh
Resource: debian9-armhf-20240418-en
Behavioral task: behavioral3
Sample: l.sh
Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4
Sample: l.sh
Resource: debian9-mipsel-20240226-en
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
l.sh
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-