Extracted

Extracted

• • Target

    Fantazy.sh

  • Size

    3KB

  • MD5

    32dc75cf6fd364bc37102bf0bb4c6573

  • SHA1

    d7c2cc2d4d82e78ca75f1734be970d61b37caa71

  • SHA256

    efc9fc5b4eb7dfe10b7bf50449aad6d34bdff817c4d490ec83ea64cf0702a9f0

  • SHA512

    6c0989292ca6e6fb348489b0994f4a06b446b2c581364b93604a89c2fb84cd51f707e7f2710bebaa9eb0ff84c9655e8a154acfa3e0b8867efea9e028e6e1235f

  Score

  10^/10

  miraibotnetcredential_accessdefense_evasiondiscoveryantivm

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (23674) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1behavioral2behavioral3behavioral4