General
-
Target
8UsA.sh
-
Size
1KB
-
Sample
250110-xsmdwssqhv
-
MD5
17bed510a00fcaba1dfad2de86d3f0ac
-
SHA1
bd93c9b1642d9291731933387f1d751c85c6d323
-
SHA256
7a091ce1dfccdfff5db4938ebd85a0a088b255a1ddc0bae4431e160316ef8995
-
SHA512
27d29c3a78b954855c5d29b13a1f69fe8b5fdc4ac4533eccc82a35aab6cf3b9cf34b6990e09fe4fa1a35397bc0d786ecec3fb1b97d8d66cf8e5ef0ebdd149dc9
Malware Config
Targets
-
-
Target
8UsA.sh
-
Size
1KB
-
MD5
17bed510a00fcaba1dfad2de86d3f0ac
-
SHA1
bd93c9b1642d9291731933387f1d751c85c6d323
-
SHA256
7a091ce1dfccdfff5db4938ebd85a0a088b255a1ddc0bae4431e160316ef8995
-
SHA512
27d29c3a78b954855c5d29b13a1f69fe8b5fdc4ac4533eccc82a35aab6cf3b9cf34b6990e09fe4fa1a35397bc0d786ecec3fb1b97d8d66cf8e5ef0ebdd149dc9
Score10/10-
Detected Echobot
-
Echobot
An updated variant of Mirai which infects a wide range of IoT devices to form a botnet.
-
Echobot family
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (312512) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1