mirai

General

Target

Hilix.sh
Size

1KB
Sample

250102-j7arravrbp
MD5

0c55987ace1771c5cb8533da3b2ba271
SHA1

dedbf64de308bb11070bbe67f8c046b4602b7903
SHA256

07744254fcb79b4e78cb7c1512db30dc3bb825c1ea6ab11725917fc6bb035782
SHA512

68d6db0fbcf4dd9c4486703adcad76439082ddb22c0e4450fdb60c2355ce70017673dd8bbaa2db269e273356a75ecff1348e9ea6762a4acc903408bddc025b09

Score

10^/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  Hilix.sh
- Size
  
  1KB
- MD5
  
  0c55987ace1771c5cb8533da3b2ba271
- SHA1
  
  dedbf64de308bb11070bbe67f8c046b4602b7903
- SHA256
  
  07744254fcb79b4e78cb7c1512db30dc3bb825c1ea6ab11725917fc6bb035782
- SHA512
  
  68d6db0fbcf4dd9c4486703adcad76439082ddb22c0e4450fdb60c2355ce70017673dd8bbaa2db269e273356a75ecff1348e9ea6762a4acc903408bddc025b09
Score

10^/10

mirai redline sora botnet defense_evasion discovery infostealer antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Redline family
  redline
- Contacts a large (1589211) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4