Extracted

Extracted

Extracted

• • Target

    2942033aaf811f6413e49820d60ca6d0d3400297b30068f540155d91f0f071cc.sh

  • Size

    2KB

  • MD5

    624b68623e669355734d1149ffd5d430

  • SHA1

    ce07fb83638c8fa2865aa2b3d007c35902f7d96a

  • SHA256

    2942033aaf811f6413e49820d60ca6d0d3400297b30068f540155d91f0f071cc

  • SHA512

    143e96f06f585f9b6702e9e33497936b5c7b2675a8e0f9aaa3b93289926491ad7e6e204b114a7ca5c09d4bbd44cf2b2b005801ca31338b10d8cbbe9301c4bb23

  Score

  10^/10

  miraiunstbotnetdefense_evasiondiscoveryupxantivm

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (69742) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2behavioral3behavioral4