General
-
Target
thinkphp.sh
-
Size
2KB
-
Sample
250408-lb1peaswe1
-
MD5
8a8a8b70ccf5a4f1d4b3a9e286753dfc
-
SHA1
3d46544f27e366e9acd7d38f56130f17046930dd
-
SHA256
f2863ac520167c37ea5bb3a1a880cc92b21609cf9713f4c68e5b809aadf38e38
-
SHA512
7858ecf3728251f2d5af66994a90b074cd46756f3790f8a73cf59f6cc8e458eba666bb7a010c016507c32b0281f90f41aa21a50636e967691ed3811e18c23f8d
Malware Config
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Targets
-
-
Target
thinkphp.sh
-
Size
2KB
-
MD5
8a8a8b70ccf5a4f1d4b3a9e286753dfc
-
SHA1
3d46544f27e366e9acd7d38f56130f17046930dd
-
SHA256
f2863ac520167c37ea5bb3a1a880cc92b21609cf9713f4c68e5b809aadf38e38
-
SHA512
7858ecf3728251f2d5af66994a90b074cd46756f3790f8a73cf59f6cc8e458eba666bb7a010c016507c32b0281f90f41aa21a50636e967691ed3811e18c23f8d
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (46375) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1