General

  • Target

    zyxel.sh

  • Size

    2KB

  • Sample

    241217-svdgjssldx

  • MD5

    6636e230caa35294c1686f9b0048fea8

  • SHA1

    7f8a48a2f7265edc89660939ba2f30fee58eda26

  • SHA256

    ef396d7d395c5c89f50f7ba25e77a438b37fb237b7a3a6e7cc39bb5db100e3fe

  • SHA512

    015bf3df843972a2dc4b57e028fef4d3f6db361945a30b86d0d99cd1d572e6f4834030baec29c5a1dc247be60b6acdd126fc43874fb0cf903066c250da109615

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

C2

servers.vlrt-gap.com

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Deletes itself

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15
