General

  • Target

    zyxel.sh

  • Size

    2KB

  • Sample

    241217-shbr7atjcj

  • MD5

    6636e230caa35294c1686f9b0048fea8

  • SHA1

    7f8a48a2f7265edc89660939ba2f30fee58eda26

  • SHA256

    ef396d7d395c5c89f50f7ba25e77a438b37fb237b7a3a6e7cc39bb5db100e3fe

  • SHA512

    015bf3df843972a2dc4b57e028fef4d3f6db361945a30b86d0d99cd1d572e6f4834030baec29c5a1dc247be60b6acdd126fc43874fb0cf903066c250da109615

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

servers.vlrt-gap.com

Extracted

Family

mirai

Botnet

UNSTABLE

Extracted

Family

mirai

Botnet

UNSTABLE

C2

servers.vlrt-gap.com

Targets

    • Target

      zyxel.sh

    • Size

      2KB

    • MD5

      6636e230caa35294c1686f9b0048fea8

    • SHA1

      7f8a48a2f7265edc89660939ba2f30fee58eda26

    • SHA256

      ef396d7d395c5c89f50f7ba25e77a438b37fb237b7a3a6e7cc39bb5db100e3fe

    • SHA512

      015bf3df843972a2dc4b57e028fef4d3f6db361945a30b86d0d99cd1d572e6f4834030baec29c5a1dc247be60b6acdd126fc43874fb0cf903066c250da109615

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Deletes itself

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks