General
-
Target
ohshit.sh
-
Size
2KB
-
Sample
241217-g4wtpssqb1
-
MD5
14099ca3ba60ee276a8d96c4b47cd58f
-
SHA1
d46e02797df3f7be4bf440003b2296ffe8992451
-
SHA256
e9e9f5c2ab6480da0637b837bf75b5fc2ae683e2c1711d8bb2776b617b2fdbc5
-
SHA512
249ced36cbe0e9ab7f4dabbcfcc1891e3fc582f6ab523a22a3f5bddfc3d9ce83686152cda53a6b4b922fee3b3b5b28436f3342ed31b15fea0a324b0c2f30dab9
Static task
static1
Behavioral task
behavioral1
Sample
ohshit.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ohshit.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
ohshit.sh
Resource
debian9-mipsbe-20240611-en
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
ohshit.sh
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Impair Defenses (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)