General

  • Target

    ohshit.sh

  • Size

    2KB

  • Sample

    241217-g7fa5atpap

  • MD5

    14099ca3ba60ee276a8d96c4b47cd58f

  • SHA1

    d46e02797df3f7be4bf440003b2296ffe8992451

  • SHA256

    e9e9f5c2ab6480da0637b837bf75b5fc2ae683e2c1711d8bb2776b617b2fdbc5

  • SHA512

    249ced36cbe0e9ab7f4dabbcfcc1891e3fc582f6ab523a22a3f5bddfc3d9ce83686152cda53a6b4b922fee3b3b5b28436f3342ed31b15fea0a324b0c2f30dab9

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      ohshit.sh

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15