General
-
Target
8UsA.sh
-
Size
1KB
-
Sample
241122-xnkphawnhw
-
MD5
513641f5f60d55559c2060489de6d605
-
SHA1
c95feec2255732b60d434b0639b88a5cff205ea0
-
SHA256
1100eaedb376144012b559268f7ee73e8bfe32e9fc79072c193d1560fbbe34dd
-
SHA512
71ee20fe10e58b1d9a0e0e5268ba264e35e15e3a5190cfdf5950245579fbbdabd9aef7dc11e9398e0df8add1afb1400a0134911b6ebb9deb937b578fc52775e0
Malware Config
Targets
-
-
Target
8UsA.sh
-
Size
1KB
-
MD5
513641f5f60d55559c2060489de6d605
-
SHA1
c95feec2255732b60d434b0639b88a5cff205ea0
-
SHA256
1100eaedb376144012b559268f7ee73e8bfe32e9fc79072c193d1560fbbe34dd
-
SHA512
71ee20fe10e58b1d9a0e0e5268ba264e35e15e3a5190cfdf5950245579fbbdabd9aef7dc11e9398e0df8add1afb1400a0134911b6ebb9deb937b578fc52775e0
Score10/10-
Detected Echobot
-
Echobot
An updated variant of Mirai which infects a wide range of IoT devices to form a botnet.
-
Echobot family
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (168126) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1