mirai | cc77e49dd7b2419e3152f7ecfc5b718fa713a0300080a101048bb46a01966975 | Triage

Submit
Reports

Overview

overview

Static

static

1

pulse.sh

ubuntu-18.04-amd64

pulse.sh

debian-9-armhf

pulse.sh

debian-9-mips

pulse.sh

debian-9-mipsel

Sharing

General

Target

pulse.sh
Size

2KB
Sample

250220-trjptsyjcx
MD5

e95da5a40eca3a95854e587310e5c523
SHA1

785acbfb4fec6d3efbf3554126206a62bacfc16b
SHA256

cc77e49dd7b2419e3152f7ecfc5b718fa713a0300080a101048bb46a01966975
SHA512

74acfc8651a7ae5fc764d26019a4c38339a4f8feadcfc46c39d104fbf3349088075f764486e575c98c833713c2104a391f179f8c4e0f3b20dc5487bf6af7b9e0

Score

10^/10

mirai sora antivm botnet defense_evasion discovery linux upx

Static task

static1

Behavioral task

behavioral1

Sample

pulse.sh

Resource

ubuntu1804-amd64-20240611-en

mirai sora botnet defense_evasion discovery upx

ubuntu-18.04-amd64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

pulse.sh

Resource

debian9-armhf-20240611-en

mirai sora antivm botnet defense_evasion discovery upx

debian-9-armhf

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

pulse.sh

Resource

debian9-mipsbe-20240418-en

mirai sora botnet defense_evasion discovery upx

debian-9-mips

12 signatures

150 seconds

Behavioral task

behavioral4

Sample

pulse.sh

Resource

debian9-mipsel-20240729-en

mirai sora botnet defense_evasion discovery upx

debian-9-mipsel

12 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  pulse.sh
- Size
  
  2KB
- MD5
  
  e95da5a40eca3a95854e587310e5c523
- SHA1
  
  785acbfb4fec6d3efbf3554126206a62bacfc16b
- SHA256
  
  cc77e49dd7b2419e3152f7ecfc5b718fa713a0300080a101048bb46a01966975
- SHA512
  
  74acfc8651a7ae5fc764d26019a4c38339a4f8feadcfc46c39d104fbf3349088075f764486e575c98c833713c2104a391f179f8c4e0f3b20dc5487bf6af7b9e0
Score

10^/10

mirai sora botnet defense_evasion discovery upx antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (36850) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdefense_evasiondiscoveryupx

behavioral2

miraisoraantivmbotnetdefense_evasiondiscoveryupx

behavioral3

miraisorabotnetdefense_evasiondiscoveryupx

behavioral4

miraisorabotnetdefense_evasiondiscoveryupx

© 2018-2025

Terms | Privacy