General
-
Target
goahead.sh
-
Size
2KB
-
Sample
241211-1q3jwazkgw
-
MD5
773c1c86e0bae0797850ada81b9d2592
-
SHA1
d7bc840b90bb6d91af76ff3da47f02499b532b63
-
SHA256
64aece1f47e650294e15961d13d6e648a19cfe51610edd1ad2bce7dec9030dc1
-
SHA512
6b5ef2b0d69703381a2305427e60f563b8864ef9be4fb8e2a9f45f370867a41ddcf784562cfef009db2b9c76f894ce76432ba86a2ecf8d051cd3c991bb510500
Malware Config
Extracted
mirai
BOTNET
Extracted
mirai
BOTNET
Extracted
mirai
BOTNET
Targets
-
-
Target
goahead.sh
-
Size
2KB
-
MD5
773c1c86e0bae0797850ada81b9d2592
-
SHA1
d7bc840b90bb6d91af76ff3da47f02499b532b63
-
SHA256
64aece1f47e650294e15961d13d6e648a19cfe51610edd1ad2bce7dec9030dc1
-
SHA512
6b5ef2b0d69703381a2305427e60f563b8864ef9be4fb8e2a9f45f370867a41ddcf784562cfef009db2b9c76f894ce76432ba86a2ecf8d051cd3c991bb510500
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (107977) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1