mirai | 1b6a6ceb23e46cf0a36bb0f1fc89472f3ec42ea1b23ca15ffe49c39f8d9ea0f4 | Triage

Submit
Reports

Overview

overview

Static

static

1

ohshit.sh

ubuntu-18.04-amd64

ohshit.sh

debian-9-armhf

ohshit.sh

debian-9-mips

ohshit.sh

debian-9-mipsel

Sharing

General

Target

ohshit.sh
Size

3KB
Sample

241202-albmgsyrb1
MD5

88738a95929e9c44969bcffde3c50f4b
SHA1

5b9581fadd1ea4b8621d5b0adb559a631b1226ee
SHA256

1b6a6ceb23e46cf0a36bb0f1fc89472f3ec42ea1b23ca15ffe49c39f8d9ea0f4
SHA512

df40b12ad937df1d3a36673761fe27b5c2072f1f871f37610e76987411c292f75b70035258ebf6f912d4f856ad014c0d67d461e87e71b939e127179c5bd985f9

Score

10^/10

mirai lzrd antivm botnet defense_evasion discovery linux upx

Static task

static1

Behavioral task

behavioral1

Sample

ohshit.sh

Resource

ubuntu1804-amd64-20240611-en

mirai lzrd botnet defense_evasion discovery upx

ubuntu-18.04-amd64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ohshit.sh

Resource

debian9-armhf-20240611-en

mirai lzrd antivm botnet defense_evasion discovery upx

debian-9-armhf

12 signatures

150 seconds

Behavioral task

behavioral3

Sample

ohshit.sh

Resource

debian9-mipsbe-20240611-en

mirai lzrd botnet defense_evasion discovery upx

debian-9-mips

11 signatures

150 seconds

Behavioral task

behavioral4

Sample

ohshit.sh

Resource

debian9-mipsel-20240226-en

mirai lzrd botnet defense_evasion discovery upx

debian-9-mipsel

10 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  ohshit.sh
- Size
  
  3KB
- MD5
  
  88738a95929e9c44969bcffde3c50f4b
- SHA1
  
  5b9581fadd1ea4b8621d5b0adb559a631b1226ee
- SHA256
  
  1b6a6ceb23e46cf0a36bb0f1fc89472f3ec42ea1b23ca15ffe49c39f8d9ea0f4
- SHA512
  
  df40b12ad937df1d3a36673761fe27b5c2072f1f871f37610e76987411c292f75b70035258ebf6f912d4f856ad014c0d67d461e87e71b939e127179c5bd985f9
Score

10^/10

mirai lzrd botnet defense_evasion discovery upx antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Writes file to system bin folder
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral2

mirailzrdantivmbotnetdefense_evasiondiscoveryupx

behavioral3

mirailzrdbotnetdefense_evasiondiscoveryupx

behavioral4

mirailzrdbotnetdefense_evasiondiscoveryupx

© 2018-2025

Terms | Privacy