mirai | 4c725c97605a31ee082fd60b3e6f81c4b2bb3785dd175752c1a77a9347af11b8 | Triage

Submit
Reports

Overview

overview

Static

static

1

zte.sh

ubuntu-18.04-amd64

zte.sh

debian-9-armhf

zte.sh

debian-9-mips

zte.sh

debian-9-mipsel

Sharing

General

Target

zte.sh
Size

2KB
Sample

250220-trj1layjc1
MD5

47b2fc727e5986be4576917cb431dd2e
SHA1

6d81cf92deb669c36c8846035cfaa55b04771bb4
SHA256

4c725c97605a31ee082fd60b3e6f81c4b2bb3785dd175752c1a77a9347af11b8
SHA512

3c4ee285964f1b8c87745d4b345ac2264ba00285e61caae421b9863a60f0d16f89c51b4bf841d7bbbd0967f82065126441bfcdf2af649dfe785a69a505a0f124

Score

10^/10

mirai sora antivm botnet defense_evasion discovery linux upx

Static task

static1

Behavioral task

behavioral1

Sample

zte.sh

Resource

ubuntu1804-amd64-20240611-en

mirai sora botnet defense_evasion discovery upx

ubuntu-18.04-amd64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

zte.sh

Resource

debian9-armhf-20240729-en

mirai sora antivm botnet defense_evasion discovery upx

debian-9-armhf

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

zte.sh

Resource

debian9-mipsbe-20240611-en

mirai sora botnet defense_evasion discovery upx

debian-9-mips

13 signatures

150 seconds

Behavioral task

behavioral4

Sample

zte.sh

Resource

debian9-mipsel-20240611-en

mirai sora botnet defense_evasion discovery upx

debian-9-mipsel

12 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  zte.sh
- Size
  
  2KB
- MD5
  
  47b2fc727e5986be4576917cb431dd2e
- SHA1
  
  6d81cf92deb669c36c8846035cfaa55b04771bb4
- SHA256
  
  4c725c97605a31ee082fd60b3e6f81c4b2bb3785dd175752c1a77a9347af11b8
- SHA512
  
  3c4ee285964f1b8c87745d4b345ac2264ba00285e61caae421b9863a60f0d16f89c51b4bf841d7bbbd0967f82065126441bfcdf2af649dfe785a69a505a0f124
Score

10^/10

mirai sora botnet defense_evasion discovery upx antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (41694) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdefense_evasiondiscoveryupx

behavioral2

miraisoraantivmbotnetdefense_evasiondiscoveryupx

behavioral3

miraisorabotnetdefense_evasiondiscoveryupx

behavioral4

miraisorabotnetdefense_evasiondiscoveryupx

© 2018-2025

Terms | Privacy