General
-
Target
Pemex.sh
-
Size
1KB
-
Sample
241223-g3kp2swret
-
MD5
e18ba04d72384ac85e6117c774f6d4f9
-
SHA1
6cb8e9a2da2db042da0875a08f43cc867b8a2c5b
-
SHA256
289876bf62e9a2a364da63cceb9a865c84792377a700afb676811ee53113919e
-
SHA512
3e69c0fdb07347f2dcd8d3b3d9514d392a572173afec60fd702180cf3f7d5d21bca67dff2cb022641c7f0a2df4b817f1589a6a1599726ddeea67ba5c768e954d
Static task
static1
Behavioral task
behavioral1
Sample
Pemex.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
Pemex.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
Pemex.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
Pemex.sh
Resource
debian9-mipsel-20240418-en
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
Pemex.sh
-
Size
1KB
-
MD5
e18ba04d72384ac85e6117c774f6d4f9
-
SHA1
6cb8e9a2da2db042da0875a08f43cc867b8a2c5b
-
SHA256
289876bf62e9a2a364da63cceb9a865c84792377a700afb676811ee53113919e
-
SHA512
3e69c0fdb07347f2dcd8d3b3d9514d392a572173afec60fd702180cf3f7d5d21bca67dff2cb022641c7f0a2df4b817f1589a6a1599726ddeea67ba5c768e954d
-
Mirai family
-
Contacts a large (172668) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1