General
-
Target
zyxel.sh
-
Size
2KB
-
Sample
241217-shbr7atjcj
-
MD5
6636e230caa35294c1686f9b0048fea8
-
SHA1
7f8a48a2f7265edc89660939ba2f30fee58eda26
-
SHA256
ef396d7d395c5c89f50f7ba25e77a438b37fb237b7a3a6e7cc39bb5db100e3fe
-
SHA512
015bf3df843972a2dc4b57e028fef4d3f6db361945a30b86d0d99cd1d572e6f4834030baec29c5a1dc247be60b6acdd126fc43874fb0cf903066c250da109615
Static task
static1
Behavioral task
behavioral1
Sample
zyxel.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
zyxel.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
zyxel.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
zyxel.sh
Resource
debian9-mipsel-20240226-en
Malware Config
Extracted
mirai
UNSTABLE
servers.vlrt-gap.com
Extracted
mirai
UNSTABLE
Extracted
mirai
UNSTABLE
servers.vlrt-gap.com
Targets
-
-
Target
zyxel.sh
-
Size
2KB
-
MD5
6636e230caa35294c1686f9b0048fea8
-
SHA1
7f8a48a2f7265edc89660939ba2f30fee58eda26
-
SHA256
ef396d7d395c5c89f50f7ba25e77a438b37fb237b7a3a6e7cc39bb5db100e3fe
-
SHA512
015bf3df843972a2dc4b57e028fef4d3f6db361945a30b86d0d99cd1d572e6f4834030baec29c5a1dc247be60b6acdd126fc43874fb0cf903066c250da109615
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes itself
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1