General
-
Target
thinkphp.sh
-
Size
2KB
-
Sample
241217-shbgesskcw
-
MD5
db3a7457f4154588f7433e2942262840
-
SHA1
643f9177e1c2e4fb068a738aed39d9f4077a1b40
-
SHA256
b70f72d434a70753f21c18e3f40d2a36883f06d8875c343102b624057f6d69c7
-
SHA512
d7fecb9613574057145723589f2f34a5b957791f4b63c8529301e6cd4829a1538b38f4e55900303b73124855b67e6af97dfd57c2008c9f87f620675d40ffd9bd
Static task
static1
Behavioral task
behavioral1
Sample
thinkphp.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
thinkphp.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
thinkphp.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
thinkphp.sh
Resource
debian9-mipsel-20240611-en
Malware Config
Extracted
mirai
UNSTABLE
servers.vlrt-gap.com
Extracted
mirai
UNSTABLE
Extracted
mirai
UNSTABLE
servers.vlrt-gap.com
Targets
-
-
Target
thinkphp.sh
-
Size
2KB
-
MD5
db3a7457f4154588f7433e2942262840
-
SHA1
643f9177e1c2e4fb068a738aed39d9f4077a1b40
-
SHA256
b70f72d434a70753f21c18e3f40d2a36883f06d8875c343102b624057f6d69c7
-
SHA512
d7fecb9613574057145723589f2f34a5b957791f4b63c8529301e6cd4829a1538b38f4e55900303b73124855b67e6af97dfd57c2008c9f87f620675d40ffd9bd
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes itself
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1