General
-
Target
cedb8981c3b40c3d853f48afccbc4123b62e88a61159d5c727af3ac4b8d744b3
-
Size
119KB
-
Sample
220521-qal7vaccdp
-
MD5
eead2ca92e30c2f1c9b2fafcaacc4b44
-
SHA1
54e26e8a4e9bb0a835b892ab4d6835ab2708ad95
-
SHA256
cedb8981c3b40c3d853f48afccbc4123b62e88a61159d5c727af3ac4b8d744b3
-
SHA512
3067bf51b626573ff6aef12e0ce6fac3efbc76f680b398931aa249f6fa8405ed972a2d495a4c20496d1d3032f386c0b77066a1e8dddfe06a815deb2c2f201a11
Behavioral task
behavioral1
Sample
cedb8981c3b40c3d853f48afccbc4123b62e88a61159d5c727af3ac4b8d744b3
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Targets
-
-
Target
cedb8981c3b40c3d853f48afccbc4123b62e88a61159d5c727af3ac4b8d744b3
-
Score
9/10
-
Contacts a large (23517) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-