General

Target: 2916f8d5b9b94093d72a6b9cdf0a4c8f5f38d70d5cea4444869ab33cd7e1f243
Size: 127KB
Sample: 220304-q821ysgdgr
MD5: b67b7920ad6846302b180f59a9366b16
SHA1: 7f67a0a45159e21735a9783b89d8fdae043dfa22
SHA256: 2916f8d5b9b94093d72a6b9cdf0a4c8f5f38d70d5cea4444869ab33cd7e1f243
SHA512: 738c4bb9284bcd28ee4b7614dd8f2e5b2667c47626cd97fed22f6e613588dff5ceee56c316ab4c5d60c2b5d5447ae5a8f6c111903ba2025979c74f1597a736bc

Static task: static1
Behavioral task: behavioral1
Sample: 2916f8d5b9b94093d72a6b9cdf0a4c8f5f38d70d5cea4444869ab33cd7e1f243
Resource: debian9-armhf-en-20211208
Malware Config

Targets

Target: 2916f8d5b9b94093d72a6b9cdf0a4c8f5f38d70d5cea4444869ab33cd7e1f243 (127KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

- suricata: ET MALWARE JAWS Webserver Unauthenticated Shell Command Execution
  This rule matches the HTTP request that exploits the unauthenticated shell-command-execution flaw in the JAWS web server found on some DVRs. Seen from the sandbox guest, it means the sample is attempting to infect other devices, not that the guest itself was exploited.
- suricata: ET MALWARE Mirai Variant User-Agent (Outbound)
  The sample's outbound HTTP traffic carries a User-Agent string known from Mirai variants.
- Modifies the Watchdog daemon
  Malware like Mirai modifies the watchdog to stop it rebooting an infected system: the bot opens the watchdog device (/dev/watchdog or /dev/misc/watchdog) and disables it with the WDIOC_SETOPTIONS ioctl, so a hang or a starved user-space pinger no longer triggers a hardware reset.
- Writes file to system bin folder
- Modifies hosts file
  Adds entries to /etc/hosts, which maps host names to IP addresses.
- Writes DNS configuration
  Writes to the resolver configuration file (/etc/resolv.conf).
- Enumerates active TCP sockets
  Reads the active TCP socket table from the /proc virtual filesystem (/proc/net/tcp).
- Reads system routing table
  Reads the kernel routing table from the /proc virtual filesystem (/proc/net/route), which also reveals the active network interfaces.
- Reads system network configuration
  Uses the contents of the /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from the /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops the files it needs in the /tmp directory, which stays writable even on devices whose root filesystem is mounted read-only.
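As an added example (not part of this report or of the sample), the following parser reads the /proc/net/tcp table that the "Enumerates active TCP sockets" signature refers to. The socket lines are constructed for illustration, not taken from this run. It decodes the hex-encoded address fields, lists listeners on the telnet/SSH/HTTP ports a Mirai-style bot looks for when it kills competing services, and counts outbound SYN_SENT attempts per destination port, the footprint an active scanner leaves in the table.

```python
"""Parse /proc/net/tcp and flag listeners and outbound scanning.

Added example; sample rows below are constructed, not from the report.
"""
import socket
import struct

# Kernel TCP state codes as printed in the 'st' column of /proc/net/tcp.
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample: three listeners (23, 22, 80), three outbound SYNs to
# telnet ports on other hosts, one established HTTPS session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 00000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 00000000 100 0 0 10 0
   2: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 00000000 100 0 0 10 0
   3: 0A00000A:B5C2 0B0C0D0E:0017 02 00000001:00000000 01:00000010 00000000     0        0 0 1 00000000 100 0 0 10 0
   4: 0A00000A:B5C3 0C0D0E0F:0017 02 00000001:00000000 01:00000010 00000000     0        0 0 1 00000000 100 0 0 10 0
   5: 0A00000A:B5C4 0D0E0F10:0913 02 00000001:00000000 01:00000010 00000000     0        0 0 1 00000000 100 0 0 10 0
   6: 0A00000A:9A1F 1E1F2021:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2001 1 00000000 20 4 30 10 -1
"""


def decode_endpoint(field):
    """'0100007F:0017' -> ('127.0.0.1', 23).

    /proc/net/tcp prints the IPv4 address as the raw 32-bit word in host byte
    order. The armhf sandbox target and x86 are both little-endian, so
    '0100007F' is 127.0.0.1; a big-endian host would need '>I'. The port is
    plain big-endian hex.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row; the header row is skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows start with the slot number followed by a colon ("0:").
        if len(parts) < 10 or not parts[0].endswith(":"):
            continue
        laddr, lport = decode_endpoint(parts[1])
        raddr, rport = decode_endpoint(parts[2])
        entries.append({
            "local": laddr, "lport": lport,
            "remote": raddr, "rport": rport,
            "state": TCP_STATES.get(int(parts[3], 16), parts[3]),
            "uid": int(parts[7]),
            "inode": int(parts[9]),   # maps to /proc/<pid>/fd/* "socket:[inode]"
        })
    return entries


def listeners_on(entries, ports):
    """Sockets in LISTEN state bound to any of the given local ports."""
    return [e for e in entries if e["state"] == "LISTEN" and e["lport"] in ports]


def syn_sent_by_port(entries):
    """Count half-open outbound connections per destination port."""
    counts = {}
    for e in entries:
        if e["state"] == "SYN_SENT":
            counts[e["rport"]] = counts.get(e["rport"], 0) + 1
    return counts


if __name__ == "__main__":
    table = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for e in listeners_on(table, {22, 23, 80}):
        print("listener %s:%d inode %d" % (e["local"], e["lport"], e["inode"]))
    for port, n in sorted(syn_sent_by_port(table).items()):
        print("SYN_SENT to port %d: %d" % (port, n))
```

On a live host, point parse_proc_net_tcp at the contents of /proc/net/tcp (and /proc/net/tcp6 for IPv6, whose address field is four such words). The inode column is the link to a process: each entry under /proc/<pid>/fd/ that resolves to socket:[<inode>] names the owner, which is how a bot that enumerates this table finds the service to kill and how a responder finds the bot's own sockets.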