General
-
Target
(null).sh
-
Size
2KB
-
Sample
250113-hxm4na1qfz
-
MD5
cdbe719571662353212a1d49312ba384
-
SHA1
0fbbad3d4b091eb0e953e781a7e7ba2c03659f53
-
SHA256
44442e1ac5df5c69852dc62e085146824a938b5c7e6032cecfbedf7ea0935e8f
-
SHA512
c6591539f6aa45036ce16a7572f37f361d3853f835f8575f5d63cb3af0666b7de7b5ea20bb08ab8b7d89619eb8e60295cc857e2f07dd67bb173d916b6c4352a2
Static task
static1
Behavioral task
behavioral1
Sample
(null).sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
(null).sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
(null).sh
Resource
debian9-mipsbe-20240611-en
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
(null).sh
-
Size
2KB
-
MD5
cdbe719571662353212a1d49312ba384
-
SHA1
0fbbad3d4b091eb0e953e781a7e7ba2c03659f53
-
SHA256
44442e1ac5df5c69852dc62e085146824a938b5c7e6032cecfbedf7ea0935e8f
-
SHA512
c6591539f6aa45036ce16a7572f37f361d3853f835f8575f5d63cb3af0666b7de7b5ea20bb08ab8b7d89619eb8e60295cc857e2f07dd67bb173d916b6c4352a2
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1