General
-
Target
8cc2e584d23c9e42cb06adc721a7345e.elf
-
Size
119KB
-
Sample
220919-1zgzjaeghl
-
MD5
8cc2e584d23c9e42cb06adc721a7345e
-
SHA1
a92b91a4fb5d63bbf0fb91f9038d0b694d24d0cd
-
SHA256
cd77563128c84277184b050b4304bbba7241a9983ced5a693bad5c5cf940b2e6
-
SHA512
a43bd3d769cad71c5604ae6c4239bc3f1dbdf1fcc08b06412bfb02ddca39cc2ebb2d555f5992a8fac927ace10c15a867e2aafaddcadab79e76c2bd30bb9ba7a6
-
SSDEEP
3072:MxUw3sWOxDyNA8DYoMDPMFlyK3zMM/9b6cxg:MxUJWOtaA8DYoqPXK3oM/9mcxg
Behavioral task
behavioral1
Sample
8cc2e584d23c9e42cb06adc721a7345e.elf
Resource
debian9-armhf-en-20211208
Malware Config
Extracted
mirai
BOTNET
cnc.notabotnet.lol
Targets
-
-
Target
8cc2e584d23c9e42cb06adc721a7345e.elf
-
Score
9/10
-
Contacts a large (140666) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-