General
-
Target
ohshit.sh
-
Size
2KB
-
Sample
241125-1fwnkstrel
-
MD5
81eee2b1d28af46c8e9190b0c20fce28
-
SHA1
8025e6d6f83b129d6c7a11a684d5d6f54d160333
-
SHA256
b86582605641a45410c0811cec9d1d19deb98bb5c4f5cd27caa06949e2ec7e30
-
SHA512
359baa5371f4f8cbd4c3caf9cb1b02624b22d8cadd63722c2a9db673e73df55f6f75988e988911ee731e3b30b5a1c22207cd9a8aebb933c38bab17f9a1f8df45
Static task
static1
Behavioral task
behavioral1
Sample
ohshit.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ohshit.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ohshit.sh
Resource
debian9-mipsbe-20240729-en
Malware Config
Targets
-
-
Target
ohshit.sh
-
Detected Echobot
-
Echobot family
-
Mirai family
-
Contacts a large (131682) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Impair Defenses (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)