General
-
Target
81b2ff2576138b8306f6de070e01d6be
-
Size
94KB
-
Sample
220521-x53awachd2
-
MD5
81b2ff2576138b8306f6de070e01d6be
-
SHA1
94f47a795f091eb217d4b48c5b949e8aa6720878
-
SHA256
08184f574f5e5d1c41ed8a875c2176ad9ccd130ff45ab04de3f6faa4e07dd6a6
-
SHA512
8a6d3a91bb71c1c0a4b182503938e74b904b7105e5ba91603db83f233d25167728842272f6666789c61beda8ffbff88e4ed3aed8524fc9cb4fe197d48a659d3e
Malware Config
Targets
-
-
Target
81b2ff2576138b8306f6de070e01d6be
-
Size
94KB
-
MD5
81b2ff2576138b8306f6de070e01d6be
-
SHA1
94f47a795f091eb217d4b48c5b949e8aa6720878
-
SHA256
08184f574f5e5d1c41ed8a875c2176ad9ccd130ff45ab04de3f6faa4e07dd6a6
-
SHA512
8a6d3a91bb71c1c0a4b182503938e74b904b7105e5ba91603db83f233d25167728842272f6666789c61beda8ffbff88e4ed3aed8524fc9cb4fe197d48a659d3e
Score9/10-
Contacts a large (110061) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-