General
-
Target
134dc395ec12b8f0f040be5edec53a6162732ad047b5f9a37132036bbc71bfea.sh
-
Size
2KB
-
Sample
241212-cjgf3a1mbq
-
MD5
bc40d4bb4de4a22bd513d81d70e0eeec
-
SHA1
996bf695d315b1848bc06b61cd5344572864759a
-
SHA256
134dc395ec12b8f0f040be5edec53a6162732ad047b5f9a37132036bbc71bfea
-
SHA512
8dac2fb98c24f274e9212e7c56ee8b89b83e987758b8a98d8cb15d3848ce1f8695712bb93bd5d47cb3dd28d9335410d4f358eb620a9ca1afe4794732bad411b3
Static task
static1
Behavioral task
behavioral1
Sample
134dc395ec12b8f0f040be5edec53a6162732ad047b5f9a37132036bbc71bfea.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
134dc395ec12b8f0f040be5edec53a6162732ad047b5f9a37132036bbc71bfea.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
134dc395ec12b8f0f040be5edec53a6162732ad047b5f9a37132036bbc71bfea.sh
Resource
debian9-mipsbe-20240729-en
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
134dc395ec12b8f0f040be5edec53a6162732ad047b5f9a37132036bbc71bfea.sh
-
Mirai family
-
Contacts a large (94694) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1
Linux and Mac File and Directory Permissions Modification
1
Impair Defenses
1
Virtualization/Sandbox Evasion
1
System Checks
1