General
-
Target
sensi.sh
-
Size
1KB
-
Sample
250115-hpr3mswnfq
-
MD5
b56a0716f8b4b73b0e35ebd7b66c03fa
-
SHA1
d9711b6f58091fd794bf341dd7237136436a4a74
-
SHA256
81bceab3472a818b061caa7d8d0bab3171bed77a3b5b86ceffae3fd2d16be12b
-
SHA512
8bf2d0b7cd72d77fa84ab03edc5ac7e217bd122ffabbe370d3f5a10333e22ea44ab0c151c2b76dd9f819341b0eb0f48acce2b0c2b7391bc8a19e44df0c6e23aa
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
sensi.sh
-
Size
1KB
-
MD5
b56a0716f8b4b73b0e35ebd7b66c03fa
-
SHA1
d9711b6f58091fd794bf341dd7237136436a4a74
-
SHA256
81bceab3472a818b061caa7d8d0bab3171bed77a3b5b86ceffae3fd2d16be12b
-
SHA512
8bf2d0b7cd72d77fa84ab03edc5ac7e217bd122ffabbe370d3f5a10333e22ea44ab0c151c2b76dd9f819341b0eb0f48acce2b0c2b7391bc8a19e44df0c6e23aa
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (198246) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1