General
-
Target
ohshit.sh
-
Size
3KB
-
Sample
250121-zyands1nfj
-
MD5
d91a756fa0b51d26ca560e689c65f02a
-
SHA1
dca13e8c0ff369c8850b09e06eb9aecde38da7ad
-
SHA256
4f1c0d593b90f06aadb41e43d72dabe8a57d52df99bdfbf67db6e2e3aecdfdcf
-
SHA512
5386d2bb591a257c64e71563c16435bf9f606d813031417233700d22e0b31bad1f33f73ae7ef581033c3c1633ca9b897d162a64019fc415ba6d9505a7b7f8533
Static task
static1
Behavioral task
behavioral1
Sample
ohshit.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ohshit.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ohshit.sh
Resource
debian9-mipsbe-20240729-en
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
ohshit.sh
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Impair Defenses (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)