General
-
Target
ohshit.sh
-
Size
2KB
-
Sample
250117-gz64wavrdj
-
MD5
95a4c9ceeaff1ba0b6b54a2ca6657d9b
-
SHA1
3d204079c491b73eb2e8000ad770bfb538f3bb79
-
SHA256
21108cd356037b6622cfe4306a50ef020eea3b1bf569af187e8b50f4f92ddbd6
-
SHA512
227a981ea250c3f5f7db4eca15456302c014893198d403001ee38f321ed7893c48d6ff50768fceefbdb6cb9592dd4192b31ed22baf4c96652fb527c1c1700f6b
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
ohshit.sh
-
Size
2KB
-
MD5
95a4c9ceeaff1ba0b6b54a2ca6657d9b
-
SHA1
3d204079c491b73eb2e8000ad770bfb538f3bb79
-
SHA256
21108cd356037b6622cfe4306a50ef020eea3b1bf569af187e8b50f4f92ddbd6
-
SHA512
227a981ea250c3f5f7db4eca15456302c014893198d403001ee38f321ed7893c48d6ff50768fceefbdb6cb9592dd4192b31ed22baf4c96652fb527c1c1700f6b
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1