General
-
Target
2BV7L_ohshit.sh
-
Size
2KB
-
Sample
250122-fy5c8a1kel
-
MD5
3b861f9434783f2eba1108c690dcaa47
-
SHA1
2bbb9c3d22f6206bd0f4185eab7ee1cba7b4c215
-
SHA256
baef81a5b8a6c9a601cd76ff538bd9cc68de6e150341d3edb87f4bd3b0396378
-
SHA512
b41c8dfa5f24fd6c9f1ce1ddcf51b6eb7e80a12293f7ef98e79a323aa8e4defc833d3a1d425e50f68cb6b9ad3ebe8fb2a4f021e4be651bb746e9fa3ffc105fdb
Malware Config
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Extracted
mirai
LZRD
Targets
-
-
Target
2BV7L_ohshit.sh
-
Size
2KB
-
MD5
3b861f9434783f2eba1108c690dcaa47
-
SHA1
2bbb9c3d22f6206bd0f4185eab7ee1cba7b4c215
-
SHA256
baef81a5b8a6c9a601cd76ff538bd9cc68de6e150341d3edb87f4bd3b0396378
-
SHA512
b41c8dfa5f24fd6c9f1ce1ddcf51b6eb7e80a12293f7ef98e79a323aa8e4defc833d3a1d425e50f68cb6b9ad3ebe8fb2a4f021e4be651bb746e9fa3ffc105fdb
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1