General
Target: jaws.sh
Size: 2KB
Sample: 241217-shbgesskcs
MD5: 3f86bcae03caf55177b7f7f6147e7ecf
SHA1: 33fd9ca28f8514fd389d298b46b0e1613e8bb8bb
SHA256: 4eee97d2f9a4cca13e5c376aa26e1258b9994ecec267b2cbc6e879890a2259f1
SHA512: 24f2a3727d123b1ff7a3803e494fad24bacd8bcee0ea2157cec602b56ecb8ffed3aa2b6788fbfbf752818bfd9e250a144e6f3d800279717ab19aae4e98025f11
Static task: static1
Behavioral task: behavioral1
Sample: jaws.sh
Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
Sample: jaws.sh
Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
Sample: jaws.sh
Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
Sample: jaws.sh
Resource: debian9-mipsel-20240226-en
Malware Config
Extracted
mirai
UNSTABLE
servers.vlrt-gap.com
Extracted
mirai
UNSTABLE
Extracted
mirai
UNSTABLE
servers.vlrt-gap.com
Targets
-
-
Target
jaws.sh
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes itself
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Impair Defenses: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1