General
-
Target
8UsA.sh
-
Size
1KB
-
Sample
241201-ke1m5stlbp
-
MD5
40b419c1257c09142c7f5abcfe4d1e5f
-
SHA1
a02cd9e590d466b74a7607b6b882eddf441ffef6
-
SHA256
ac35b48ec56af9c6f18a9842ebeafbf53a72e2f8b8f11488e155d47ff06dc8e8
-
SHA512
fadecf09f5ac415682cdf53290f6e6c3180c67564504c2b88ae9e8e07b927432c4a20dc863963312a7a72b6d65166d5d8d043bc1c725b790b01caeb140bb9d49
Static task
static1
Behavioral task
behavioral1
Sample
8UsA.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
8UsA.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
8UsA.sh
Resource
debian9-mipsbe-20240611-en
Malware Config
Targets
Target
8UsA.sh
-
Detected Echobot
-
Echobot family
-
Mirai family
-
Contacts a large (156906) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Impair Defenses (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)