General

  • Target

    zte.sh

  • Size

    2KB

  • Sample

    241217-ssy1gaslcw

  • MD5

    c2d1389e84451b69803d505ce0293f61

  • SHA1

    6625185014b47c560c6059209c06de1e299fcb16

  • SHA256

    0e6380d32502ec32658a9bd06ee6162eb5f519fefc44ab78047f624eed3b6689

  • SHA512

    349a95586f606270c528700f2cd615a667cb48b498fa53221f05e3c46bcf8616942b617591548b6091c24d7fb949f1904c536f6d7f14071cfa9ec3897522adc5

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    UNSTABLE

  • C2

    servers.vlrt-gap.com


Targets


    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Deletes itself

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15