General
-
Target
ohshit.sh
-
Size
2KB
-
Sample
250102-eypr4avrgn
-
MD5
ed9afc8adb1a34f93090873f6b76ec07
-
SHA1
13b5f418f63a32c61e493995e10e3baa0b02caab
-
SHA256
74c5a35690cad6b7fc66a5c03b772b3d9c8787357685b4180263b927c9b70091
-
SHA512
3ef263bf7ef4cadcc3587d3ef891289cb051087c9d125a74fc8f34f16cda89ca79c2a5ae6f2d0edee3f87855de37af4a594779d6d0d332beade0654e102bd049
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
ohshit.sh
-
Size
2KB
-
MD5
ed9afc8adb1a34f93090873f6b76ec07
-
SHA1
13b5f418f63a32c61e493995e10e3baa0b02caab
-
SHA256
74c5a35690cad6b7fc66a5c03b772b3d9c8787357685b4180263b927c9b70091
-
SHA512
3ef263bf7ef4cadcc3587d3ef891289cb051087c9d125a74fc8f34f16cda89ca79c2a5ae6f2d0edee3f87855de37af4a594779d6d0d332beade0654e102bd049
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1