General

  • Target

    l.sh

  • Size

    1023B

  • Sample

    241110-glahratqbk

  • MD5

    7b22ddce7c0508d0c94f66a94e9d9887

  • SHA1

    0bef0450a7e94c9f777bbf710206a59f847c97d1

  • SHA256

    a909843aac250b8580f42dadcb806cd38a1157f96e2b93f8d94d7c3db9f9d2cb

  • SHA512

    8d61940e6ecbbeff466eaac7c63fb0ec0531970ea1b0a08994b467137435b4d95c0f610e5a61fd31538bbc63561cba92ebee2d2d9aa22a5542c747bfb04c8c61

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks