General

  • Target

    51b1d643a14b5c081b4a836bb80812e7866811ab8f90cf8ace4744565408d16a.sh

  • Size

    1KB

  • Sample

    250308-h53t3stkw6

  • MD5

    a9f753da46e0678e9652f1417378e79a

  • SHA1

    19bf100cae7a6a8fa9a42d0368ff1918c9b796ac

  • SHA256

    51b1d643a14b5c081b4a836bb80812e7866811ab8f90cf8ace4744565408d16a

  • SHA512

    3969653a243f80154bbca0045c35e3e8e0b47fdc85bcc13c8887c24e2c207dfd92e3265393ea7d8a28347c67d69501a0d7a2aa2247e116a0705d33731bdce636

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Mirai family

    • Contacts a large (171178) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
