General

  • Target

    realtek.sh

  • Size

    2KB

  • Sample

    241211-1qjf1atqen

  • MD5

    84b175db7b86bd1fad6be93ca576a5e3

  • SHA1

    e614d40c69e0386d9ccd3bdd80380c0a98f18b2b

  • SHA256

    698fe2f6e7ebc4cf6b908cd64ce0f78266f254f807f9835715d7ba77423bbf49

  • SHA512

    8d48bedea8b9a9ed61b30dd548b5c6f4d351a9636237f6d37b2d2780f39c416b9bf6aa2e6d7ae23bebb7b79573d6882f9de2c69a07ae55ff1d29c0131e0bb853

Malware Config

Extracted

Family

mirai

Botnet

BOTNET


Targets

    • Target

      realtek.sh

    • Size

      2KB

    • MD5

      84b175db7b86bd1fad6be93ca576a5e3

    • SHA1

      e614d40c69e0386d9ccd3bdd80380c0a98f18b2b

    • SHA256

      698fe2f6e7ebc4cf6b908cd64ce0f78266f254f807f9835715d7ba77423bbf49

    • SHA512

      8d48bedea8b9a9ed61b30dd548b5c6f4d351a9636237f6d37b2d2780f39c416b9bf6aa2e6d7ae23bebb7b79573d6882f9de2c69a07ae55ff1d29c0131e0bb853

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large number (106054) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks