Overview

overview

10

Static

static

1

ohshit.sh

ubuntu-18.04-amd64

10

ohshit.sh

debian-9-armhf

10

ohshit.sh

debian-9-mips

10

ohshit.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ohshit.sh

  • Size

    2KB

  • Sample

    241230-qxeraawmdk

  • MD5

    85e5354484584cd6a1c6a47638c538d2

  • SHA1

    80a984a63b9004ad93c88ee0cf6165cdb48e3df2

  • SHA256

    54eefa9690f54a99a4b985d2a827e7978bfcf8651b4900bb15b2ac863bdce221

  • SHA512

    5a0f7b3c2739efefdb80c3c6b460fab2a1d29416052334baa1b5ed0effd886ed02c834a85a5747f9ce1ca60066a3816f9df2f5787e653301e2a65b993e0c47cd

Score
10/10
miraiantivmbotnetdefense_evasiondiscoverylinux

Malware Config

Targets

    • Target

      ohshit.sh

    • Size

      2KB

    • MD5

      85e5354484584cd6a1c6a47638c538d2

    • SHA1

      80a984a63b9004ad93c88ee0cf6165cdb48e3df2

    • SHA256

      54eefa9690f54a99a4b985d2a827e7978bfcf8651b4900bb15b2ac863bdce221

    • SHA512

      5a0f7b3c2739efefdb80c3c6b460fab2a1d29416052334baa1b5ed0effd886ed02c834a85a5747f9ce1ca60066a3816f9df2f5787e653301e2a65b993e0c47cd

    Score
    10/10
    miraibotnetdefense_evasiondiscoveryantivm

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

      botnetmirai

    • Mirai family

      mirai

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Deletes itself

    • Executes dropped EXE

    • Traces itself

      Traces itself to prevent debugging attempts

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks