General

  • Target

    2c95ce1c6140c8c2db66382fbc0b832367891d03789b31bfef60f1e34b9250a5.sh

  • Size

    2KB

  • Sample

    241218-crfjqsylay

  • MD5

    d7aac5b39f096043750096172ee9a84f

  • SHA1

    fde809f81c26db59c148255c0b60176c8971bc0c

  • SHA256

    2c95ce1c6140c8c2db66382fbc0b832367891d03789b31bfef60f1e34b9250a5

  • SHA512

    77c79dcb7c89e16cfe5d3712adf37173249b6066673ff20c2a2b6c90ebe2eb5ac5c295a250b6b9fc0596ff0872ecc15d4dec8852a515c0826436426dd5f1efff

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      2c95ce1c6140c8c2db66382fbc0b832367891d03789b31bfef60f1e34b9250a5.sh

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks