Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    dd5851b5ab04287b30ed4d1bed6f7940d256849c8d6cfc9936df59afa4c328aa.sh

  • Size

    1KB

  • MD5

    d011eee1c3ee60b1a1db3ae1e9e65ad6

  • SHA1

    18f4cee16484157375f8bbcf21acca220a258d66

  • SHA256

    dd5851b5ab04287b30ed4d1bed6f7940d256849c8d6cfc9936df59afa4c328aa

  • SHA512

    ed73548c60e65449f31d4bc5ca644d2f59e72d0843a24b3236707338fbed8e26ed608897d0c5a26a971357e7d28b92a9ecb6d8d76d5f7d55e93bf0aa3dd3f6ac

  Score

  10^/10

  miraibotnetbotnetdefense_evasiondiscoverycredential_access

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (173171) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Deletes itself

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1behavioral2behavioral3behavioral4