General
Target: 8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238
Size: 234KB
Sample: 220725-ac7zbsefer
MD5: 17d83c1545a62df94f71ffd550d688c5
SHA1: 8b0d1efc31b99f13a9ece2445dcbb9967a41e09a
SHA256: 8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238
SHA512: 184adc5718fad2e0f5f1f4ebdacd6fa1c2b7d8ccda107ffed00c0489486619d82b752c27e6024d1898341d23a10ec8b385da12f915de9f032906f24e48ac75bb
Malware Config
Targets
-
suricata: ET MALWARE Cayosin Botnet User-Agent Observed M1
-
suricata: ET MALWARE Mirai Variant User-Agent (Outbound)
-
Contacts a large (320469) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-