General
- Target: realtek.sh
- Size: 2KB
- Sample: 241211-1qjf1atqen
- MD5: 84b175db7b86bd1fad6be93ca576a5e3
- SHA1: e614d40c69e0386d9ccd3bdd80380c0a98f18b2b
- SHA256: 698fe2f6e7ebc4cf6b908cd64ce0f78266f254f807f9835715d7ba77423bbf49
- SHA512: 8d48bedea8b9a9ed61b30dd548b5c6f4d351a9636237f6d37b2d2780f39c416b9bf6aa2e6d7ae23bebb7b79573d6882f9de2c69a07ae55ff1d29c0131e0bb853
- Static task: static1
- Behavioral task: behavioral1 (Sample: realtek.sh, Resource: ubuntu1804-amd64-20240729-en)
- Behavioral task: behavioral2 (Sample: realtek.sh, Resource: debian9-armhf-20240611-en)
- Behavioral task: behavioral3 (Sample: realtek.sh, Resource: debian9-mipsbe-20240611-en)
Malware Config
Extracted
mirai
BOTNET
Extracted
mirai
BOTNET
Extracted
mirai
BOTNET
Targets
- Target: realtek.sh
- Size: 2KB
- Mirai family
- Contacts a large (106054) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
MITRE ATT&CK Enterprise v15
Defense Evasion
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Impair Defenses (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)