General
-
Target
realtek.sh
-
Size
2KB
-
Sample
250408-lb1z6sswft
-
MD5
a865c325dc2bea476df96b4061df4266
-
SHA1
81667557033864efb9022877f656da32f9b22ef7
-
SHA256
cd199cacd3d7855c702422c2d2773fb30a80c63fa819cf208aaac7b6612d30fd
-
SHA512
b999dcc9a1309ea6c6b5033d8dc17130d0db0ccbbdded87a42433bfb168225bfec9a0529c5063fc5233d0fffa1ecab6ba5a583fca13daf7efb6716d389c84cd7
Malware Config
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Extracted
mirai
SORA
Targets
-
-
Target
realtek.sh
-
Size
2KB
-
MD5
a865c325dc2bea476df96b4061df4266
-
SHA1
81667557033864efb9022877f656da32f9b22ef7
-
SHA256
cd199cacd3d7855c702422c2d2773fb30a80c63fa819cf208aaac7b6612d30fd
-
SHA512
b999dcc9a1309ea6c6b5033d8dc17130d0db0ccbbdded87a42433bfb168225bfec9a0529c5063fc5233d0fffa1ecab6ba5a583fca13daf7efb6716d389c84cd7
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Mirai family
-
Contacts a large (45235) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1