General
-
Target
ohshit.sh
-
Size
2KB
-
Sample
250106-hgcmzsyqby
-
MD5
bb9b02790d9369cfdce60911efa478c8
-
SHA1
cf899d0844a5cbac80784008dd7ff20ddc95ef8f
-
SHA256
8562b9fbc61584ce74c2f56847565faccf053134a8f4abf4aaee8e2ed82ccfc5
-
SHA512
55842a12c510f36d7c8d9f1b35bebf9729421d061f14b9cd1c895fab850087dc091b57a641faad012b785340edfeb5cb72b68abc22090e9cf3f842075bf0bb80
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
ohshit.sh
-
Size
2KB
-
MD5
bb9b02790d9369cfdce60911efa478c8
-
SHA1
cf899d0844a5cbac80784008dd7ff20ddc95ef8f
-
SHA256
8562b9fbc61584ce74c2f56847565faccf053134a8f4abf4aaee8e2ed82ccfc5
-
SHA512
55842a12c510f36d7c8d9f1b35bebf9729421d061f14b9cd1c895fab850087dc091b57a641faad012b785340edfeb5cb72b68abc22090e9cf3f842075bf0bb80
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1