General
-
Target
feelme420.sh
-
Size
3KB
-
Sample
241219-h1shjsvmgk
-
MD5
22e9d65b991f00de3a52071664dc52f9
-
SHA1
2b6dd972572c4c72ecf43bb7b66eebe776cd0360
-
SHA256
7c31b6f7e29de978c261d41059788662d9d53faf08be61330e611eedcd46d33b
-
SHA512
eefb50d98fc847673e4c38177789e26ee89ec7f027ec5ec92a842470638a84300f378cf10120afab26fe5a87de34c6616f33fc389be816b4763f0fea0eff18cb
Static task
static1
Behavioral task
behavioral1
Sample
feelme420.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
feelme420.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
feelme420.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
feelme420.sh
Resource
debian9-mipsel-20240418-en
Malware Config
Extracted
mirai
chernobyl.stressing.world
Extracted
mirai
chernobyl.stressing.world
Targets
-
-
Target
feelme420.sh
-
Size
3KB
-
MD5
22e9d65b991f00de3a52071664dc52f9
-
SHA1
2b6dd972572c4c72ecf43bb7b66eebe776cd0360
-
SHA256
7c31b6f7e29de978c261d41059788662d9d53faf08be61330e611eedcd46d33b
-
SHA512
eefb50d98fc847673e4c38177789e26ee89ec7f027ec5ec92a842470638a84300f378cf10120afab26fe5a87de34c6616f33fc389be816b4763f0fea0eff18cb
-
Mirai family
-
Contacts a large (12800) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1