General
Target: aws.sh
Size: 2KB
Sample: 250408-lb42tssn14
MD5: 66679e7bee1bd19878857326ec90d7ba
SHA1: e0a878bdebbec2d81d38caa2407e9ee42d659f3f
SHA256: 9c0a7f8fc7658b93dcf2f92d2afe4beface33a8cff5f34539887244ac8812ce5
SHA512: 95c539a9a2adbef1ce327d6d9f5ef4f529c345801331ea3c9901dbcf0fe25ab3939bb6a267445d3cbe03e8df67901e2043fc6a4b3db1333169e9de83d62bac55
Static task: static1
Behavioral task: behavioral1
Sample: aws.sh
Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
Sample: aws.sh
Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
Sample: aws.sh
Resource: debian9-mipsbe-20240418-en
Malware Config
Extracted
mirai
SORA
Targets
Target
aws.sh
Mirai family
-
Contacts a large (45707) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Impair Defenses: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1