General

  • Target

    wget.sh

  • Size

    1KB

  • Sample

    250217-wjxyla1lcp

  • MD5

    d011eee1c3ee60b1a1db3ae1e9e65ad6

  • SHA1

    18f4cee16484157375f8bbcf21acca220a258d66

  • SHA256

    dd5851b5ab04287b30ed4d1bed6f7940d256849c8d6cfc9936df59afa4c328aa

  • SHA512

    ed73548c60e65449f31d4bc5ca644d2f59e72d0843a24b3236707338fbed8e26ed608897d0c5a26a971357e7d28b92a9ecb6d8d76d5f7d55e93bf0aa3dd3f6ac

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      wget.sh

    • Size

      1KB

    • MD5

      d011eee1c3ee60b1a1db3ae1e9e65ad6

    • SHA1

      18f4cee16484157375f8bbcf21acca220a258d66

    • SHA256

      dd5851b5ab04287b30ed4d1bed6f7940d256849c8d6cfc9936df59afa4c328aa

    • SHA512

      ed73548c60e65449f31d4bc5ca644d2f59e72d0843a24b3236707338fbed8e26ed608897d0c5a26a971357e7d28b92a9ecb6d8d76d5f7d55e93bf0aa3dd3f6ac

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Ouroboros family

    • Ouroboros/Zeropadypt

      Ransomware family based on open-source CryptoWire.

    • Contacts a large number (87963) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Deletes itself

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

MITRE ATT&CK Enterprise v15

Tasks
