General
Target: zte.sh
Size: 2KB
Sample: 241211-1qjf1azkey
MD5: e7010ba54fe291db265bb12c0443bbf2
SHA1: 266bdbe29e133e0a0a23750bf78c52b868f5218f
SHA256: ba5e9d67ad88371bdbc78be6efd5ebb442341a06b12fe2fd4b4458d07b3d432d
SHA512: 86670c118fc0e1ee954e6f12a145aabc57c00133bb767f8f006ecc40fd35b91e5a072bb9e65d1e30279c9569b6ac53e3fda0f622d2a8591fe9b880a4f3524cfa
Static task
static1
Behavioral tasks
behavioral1: zte.sh on ubuntu1804-amd64-20240729-en
behavioral2: zte.sh on debian9-armhf-20240611-en
behavioral3: zte.sh on debian9-mipsbe-20240418-en
Malware Config
Extracted: family mirai, botnet BOTNET (three identical extractions)
Targets
zte.sh (2KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Signatures
- Mirai family
- Contacts a large number (101324) of remote hosts. This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows. This may indicate a network scan to discover remotely running services.
- File and Directory Permissions Modification. Adversaries may modify file or directory permissions to evade defenses.
- Executes dropped EXE
- Modifies Watchdog functionality. Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
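The two scan signatures above both key off destination fan-out: one source touching far more distinct hosts than a legitimate client would. The following is an added example of that detection logic, not part of the sandbox report or its rule set. It runs a sliding-window count of distinct destinations per source over connection records; the Flow fields, the window and threshold values, and the sample records (a sweep of 150 addresses on the telnet ports Mirai variants typically probe, plus one benign host) are all constructed assumptions.

```python
"""Detect scan-like destination fan-out in connection records.

Added example for this report, not the sandbox's own logic. The Flow fields
and the sample records below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds since capture start (assumed field)
    src: str
    dst: str
    dport: int


def peak_fanout(flows, window=60.0):
    """For each source, the largest number of distinct destinations it
    contacted inside any sliding window of `window` seconds."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    peaks = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        live = defaultdict(int)   # dst -> flows still inside the window
        left = 0
        peak = 0
        for f in fl:
            live[f.dst] += 1
            # Drop records that fell out of the window ending at f.ts.
            while fl[left].ts < f.ts - window:
                old = fl[left].dst
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                left += 1
            peak = max(peak, len(live))
        peaks[src] = peak
    return peaks


def scan_candidates(flows, window=60.0, threshold=100):
    """Sources whose peak fan-out meets the threshold, with the ports they hit."""
    hits = {}
    for src, peak in peak_fanout(flows, window).items():
        if peak >= threshold:
            ports = sorted({f.dport for f in flows if f.src == src})
            hits[src] = {"peak_distinct_dst": peak, "dports": ports}
    return hits


# Constructed sample: one host sweeping 150 addresses on 23/2323 within
# 38 seconds, and one host talking repeatedly to the same three servers.
SAMPLE_FLOWS = (
    [Flow(ts=i / 4, src="10.0.0.5", dst=f"198.51.100.{i}",
          dport=23 if i % 2 else 2323)
     for i in range(150)]
    + [Flow(ts=j * 15.0, src="10.0.0.9", dst=f"192.0.2.{10 + j % 3}", dport=443)
       for j in range(40)]
)

if __name__ == "__main__":
    for src, info in scan_candidates(SAMPLE_FLOWS).items():
        print(f"{src}: {info['peak_distinct_dst']} distinct hosts in 60s, "
              f"ports {info['dports']}")
```

The window matters as much as the threshold: the same 150-host sweep shows a peak of 41 distinct destinations in a 10-second window and is not flagged at a threshold of 100, which is why the report's raw count (101324 hosts over the whole run) is a stronger signal than any single short window.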
MITRE ATT&CK Enterprise v15
Defense Evasion
- File and Directory Permissions Modification (T1222): 1
  - Linux and Mac File and Directory Permissions Modification (T1222.002): 1
- Impair Defenses (T1562): 1
- Virtualization/Sandbox Evasion (T1497): 1
  - System Checks (T1497.001): 1
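The "Modifies Watchdog functionality" signature and the Impair Defenses mapping above refer to the same behaviour: Mirai's published source opens /dev/watchdog (falling back to /dev/misc/watchdog) and issues ioctl WDIOC_SETOPTIONS with WDIOS_DISABLECARD so the hardware watchdog never reboots the box. The following is an added example of how to spot that sequence in a syscall trace; it is not the sandbox's own detector. It assumes strace-style lines in the form "<pid> <syscall>(...) = <ret>", and the trace below is constructed (two tampering processes, one of which only sees the raw request number, plus a benign ioctl on an unrelated file).

```python
"""Flag watchdog tampering in a syscall trace.

Added example, not part of the sandbox report. The trace lines are constructed
in strace style; the detector assumes a "<pid> <syscall>(...) = <ret>" layout.
"""
import re

# Device nodes Mirai's published source opens before issuing the ioctl.
WATCHDOG_PATHS = {"/dev/watchdog", "/dev/misc/watchdog"}
# WDIOC_SETOPTIONS = _IOR('W', 4, int). With WDIOS_DISABLECARD (1) it stops the
# watchdog, so a hung or killed bot no longer triggers a reboot.
WDIOC_SETOPTIONS = 0x80045704

OPEN_RE = re.compile(
    r'^(\d+)\s+(?:open|openat)\((?:AT_FDCWD,\s*)?"([^"]+)"[^=]*=\s*(-?\d+)')
IOCTL_RE = re.compile(r'^(\d+)\s+ioctl\((\d+),\s*([^,)]+)')
CLOSE_RE = re.compile(r'^(\d+)\s+close\((\d+)\)')


def _is_setoptions(req):
    """True for the symbolic name strace prints, or the raw request number."""
    if req == "WDIOC_SETOPTIONS":
        return True
    try:
        return int(req, 16) == WDIOC_SETOPTIONS
    except ValueError:
        return False


def detect_watchdog_tamper(trace):
    """Return (pid, device, request) for every WDIOC_SETOPTIONS ioctl issued
    on an fd that the same pid obtained by opening a watchdog device."""
    open_fds = {}   # (pid, fd) -> device path, for watchdog fds only
    findings = []
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m:
            pid, path, ret = int(m[1]), m[2], int(m[3])
            if ret >= 0:
                if path in WATCHDOG_PATHS:
                    open_fds[(pid, ret)] = path
                else:
                    # fd number reused for something else: forget the old mapping
                    open_fds.pop((pid, ret), None)
            continue
        m = IOCTL_RE.match(line)
        if m:
            key = (int(m[1]), int(m[2]))
            req = m[3].strip()
            if key in open_fds and _is_setoptions(req):
                findings.append((key[0], open_fds[key], req))
            continue
        m = CLOSE_RE.match(line)
        if m:
            open_fds.pop((int(m[1]), int(m[2])), None)
    return findings


# Constructed trace: pid 1234 disables the watchdog via the symbolic request,
# pid 1300 falls back to /dev/misc/watchdog and shows the raw number,
# pid 1400 is an unrelated ioctl on a normal file.
SAMPLE_TRACE = """\
1234 openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3
1234 ioctl(3, WDIOC_SETOPTIONS, 0x7ffd4a2c1e2c) = 0
1234 close(3) = 0
1300 open("/dev/watchdog", O_RDWR) = -1 ENOENT (No such file or directory)
1300 open("/dev/misc/watchdog", O_RDWR) = 4
1300 ioctl(4, 0x80045704, 0x7ffd4a2c1e2c) = 0
1300 close(4) = 0
1400 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
1400 ioctl(3, TCGETS, 0x7ffd4a2c1d00) = -1 ENOTTY (Inappropriate ioctl for device)
1400 close(3) = 0
"""

if __name__ == "__main__":
    for pid, dev, req in detect_watchdog_tamper(SAMPLE_TRACE):
        print(f"pid {pid}: {req} on {dev} (watchdog disabled)")
```

Tracking fds per pid rather than grepping for the device path avoids false positives from processes that legitimately open the watchdog to pet it (they write to it, they do not send WDIOC_SETOPTIONS), and the raw-number fallback covers traces from builds of strace that do not decode the watchdog ioctl family.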