General
-
Target
meta.sh
-
Size
483B
-
Sample
250217-meg7xayjdl
-
MD5
79b512b0b1a43d26890e67dfb400c8c8
-
SHA1
e8db4e2ce94cdcd5f97a02be52968a336b60d784
-
SHA256
c41d5810be4537b41400f5aefb61ace955fe7f1bfc26a2bb0cd6144f38aa3679
-
SHA512
fade5a3df3df6074e13c0a15f858e005b5ddb353729f050b74179def4dd653cee66fe53f22a484d70064ce38755d4e555fcbde9fa8a27ea70f5e1be1e5257904
Malware Config
Extracted
mirai
KURC
Extracted
mirai
KURC
Targets
-
-
Target
meta.sh
-
Size
483B
-
MD5
79b512b0b1a43d26890e67dfb400c8c8
-
SHA1
e8db4e2ce94cdcd5f97a02be52968a336b60d784
-
SHA256
c41d5810be4537b41400f5aefb61ace955fe7f1bfc26a2bb0cd6144f38aa3679
-
SHA512
fade5a3df3df6074e13c0a15f858e005b5ddb353729f050b74179def4dd653cee66fe53f22a484d70064ce38755d4e555fcbde9fa8a27ea70f5e1be1e5257904
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (118127) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1