General
-
Target
466a8626f77a8ad68784cd2cfb3cacb409263412517a852a999172659f1f47ae
-
Size
300KB
-
Sample
221125-ky1r9afa39
-
MD5
4a1719ae5fd58f4330444520bbd5c338
-
SHA1
9b27cc582e83049a206c0e637e664c4eb5ae6c56
-
SHA256
466a8626f77a8ad68784cd2cfb3cacb409263412517a852a999172659f1f47ae
-
SHA512
a10a2702e9201520d1d5b38b271793150aed420fffcf3c9083ba4af3c5c645145590b35d12a2e7c2cc2951aac5debded0b8acbd3322eff227b20a80d19dac160
-
SSDEEP
3072:2glZ3FtCKXhkmHtZ9TEKzjfj/WMngyIfsJ0F7xPto:2IIKXhZtL7jOTyIG87X
Malware Config
Targets
-
-
Target
466a8626f77a8ad68784cd2cfb3cacb409263412517a852a999172659f1f47ae
-
Size
300KB
-
MD5
4a1719ae5fd58f4330444520bbd5c338
-
SHA1
9b27cc582e83049a206c0e637e664c4eb5ae6c56
-
SHA256
466a8626f77a8ad68784cd2cfb3cacb409263412517a852a999172659f1f47ae
-
SHA512
a10a2702e9201520d1d5b38b271793150aed420fffcf3c9083ba4af3c5c645145590b35d12a2e7c2cc2951aac5debded0b8acbd3322eff227b20a80d19dac160
-
SSDEEP
3072:2glZ3FtCKXhkmHtZ9TEKzjfj/WMngyIfsJ0F7xPto:2IIKXhZtL7jOTyIG87X
Score9/10-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-