General
-
Target
jaws.sh
-
Size
2KB
-
Sample
250408-lb1peaswfs
-
MD5
af601435d0c87bc02960ce137b0dd9ae
-
SHA1
c7e79e52dec1ef05a177ea4e7aa76eb71e46fc1b
-
SHA256
bb07e001f9c21eb0b24d2f2b992a4f1e00cc0c3f6ea809ab10a6d3ed0bee28ee
-
SHA512
e1493196469a3c916e9ec2fd0896c56378ae380b750673a4bcb3ab0b9c5b83c81914db4d010d5f93faf55fa5d64e45734f0548295fbcdb5edd8856b386fcbe0f
Malware Config
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Targets
-
-
Target
jaws.sh
-
Size
2KB
-
MD5
af601435d0c87bc02960ce137b0dd9ae
-
SHA1
c7e79e52dec1ef05a177ea4e7aa76eb71e46fc1b
-
SHA256
bb07e001f9c21eb0b24d2f2b992a4f1e00cc0c3f6ea809ab10a6d3ed0bee28ee
-
SHA512
e1493196469a3c916e9ec2fd0896c56378ae380b750673a4bcb3ab0b9c5b83c81914db4d010d5f93faf55fa5d64e45734f0548295fbcdb5edd8856b386fcbe0f
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (46090) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1