mirai | d7a78f3ff9cd3bbb0d640e593767bf0be713023537743676d4297e0f5aa5f87e | Triage

Submit
Reports

Overview

overview

Static

static

1

gpon443.sh

ubuntu-18.04-amd64

gpon443.sh

debian-9-armhf

gpon443.sh

debian-9-mips

gpon443.sh

debian-9-mipsel

Sharing

General

Target

gpon443.sh
Size

2KB
Sample

250408-lb1peasnz7
MD5

6744cd6370fc8925d67a9d5de8b6d122
SHA1

3e0fd96625b156bd1049739c814695e1bfc81574
SHA256

d7a78f3ff9cd3bbb0d640e593767bf0be713023537743676d4297e0f5aa5f87e
SHA512

591fdbf6b925a1aa1578248487ed70092601cb1753c12ee87316d4344401a6dde5026df6f26e7e1ab67dac84d1bb091f697e54343e93dd86ca14d3dcee2482c8

Score

10^/10

mirai sora antivm botnet defense_evasion discovery linux upx

Static task

static1

Behavioral task

behavioral1

Sample

gpon443.sh

Resource

ubuntu1804-amd64-20240611-en

mirai sora botnet defense_evasion discovery upx

ubuntu-18.04-amd64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

gpon443.sh

Resource

debian9-armhf-20240611-en

mirai sora antivm botnet defense_evasion discovery upx

debian-9-armhf

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

gpon443.sh

Resource

debian9-mipsbe-20240729-en

mirai sora botnet defense_evasion discovery upx

debian-9-mips

12 signatures

150 seconds

Behavioral task

behavioral4

Sample

gpon443.sh

Resource

debian9-mipsel-20240418-en

mirai sora botnet defense_evasion discovery upx

debian-9-mipsel

12 signatures

150 seconds

Malware Config

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Targets

- Target
  
  gpon443.sh
- Size
  
  2KB
- MD5
  
  6744cd6370fc8925d67a9d5de8b6d122
- SHA1
  
  3e0fd96625b156bd1049739c814695e1bfc81574
- SHA256
  
  d7a78f3ff9cd3bbb0d640e593767bf0be713023537743676d4297e0f5aa5f87e
- SHA512
  
  591fdbf6b925a1aa1578248487ed70092601cb1753c12ee87316d4344401a6dde5026df6f26e7e1ab67dac84d1bb091f697e54343e93dd86ca14d3dcee2482c8
Score

10^/10

mirai sora botnet defense_evasion discovery upx antivm
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Mirai family
  mirai
- Contacts a large (46171) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Impair Defenses

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

miraisorabotnetdefense_evasiondiscoveryupx

behavioral2

miraisoraantivmbotnetdefense_evasiondiscoveryupx

behavioral3

miraisorabotnetdefense_evasiondiscoveryupx

behavioral4

miraisorabotnetdefense_evasiondiscoveryupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.