Extracted

Extracted

Extracted

• • Target

    6dd36ae06f8ade5299fdb81d072d735d17d15dd4447ab7d1b2b71bf66e0b2b1a.sh

  • Size

    1KB

  • MD5

    c46ce91068e77aa58bd2127bec2ee6c3

  • SHA1

    fced6e9a98cb1fd8b568f7698dbf1b4e1e4231d5

  • SHA256

    6dd36ae06f8ade5299fdb81d072d735d17d15dd4447ab7d1b2b71bf66e0b2b1a

  • SHA512

    ace2a1517ff4dceb812a495e8f5d5a4bbec6825964ffca84b076f57610ed09232b3ad76e995fd83ba121d4a36f82acb0136f27da8d4fc272bd083ac1d8e3e7e9

  Score

  10^/10

  miraibotnetbotnetdefense_evasiondiscoveryantivmcredential_access

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (177422) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Renames itself

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1behavioral2behavioral3behavioral4