Extracted

Extracted

• • Target

    6c568bd265a5c182913cd277c88a151c797dfeb05244edaf156dea1b389a0baa.sh

  • Size

    2KB

  • MD5

    0569b09a5951d5fe444efa1892b87687

  • SHA1

    0d3df40a37ec718be33d83c1c9a962e982a51d17

  • SHA256

    6c568bd265a5c182913cd277c88a151c797dfeb05244edaf156dea1b389a0baa

  • SHA512

    fbdf5cd3d7ee86f61d205e2745661444152304f594c73562a5b7d59adfdfed3adadbb59954afb7618f64d29e283ef15e1dfaf82cef3a79dc74c08cda5580b11d

  Score

  10^/10

  miraicondibotnetdefense_evasiondiscoveryantivm

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (36468) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Writes file to system bin folder

  behavioral1behavioral2behavioral3behavioral4