General
-
Target
robinbot
-
Size
130KB
-
Sample
221129-ss7mlsef31
-
MD5
500009d8f68330a8f82b59884a9afe47
-
SHA1
575f5e6894b1a2f7a728435487666acdb9758f83
-
SHA256
a46770913fba87921b56d789396e07cdfd68a846b2e80a77aa07e1c62f9304d6
-
SHA512
ec62621ec2e037cb9f3890486ff4fb127ee6b34657ee7c2b1e3401de5d7fa2bb554e62d5c378dd93c43a3bb0bf4d210556cf8e67c0ff8449d0c615262e94dfba
-
SSDEEP
3072:xffIDJOocVBUbd8A2W3M/fvLUpANet2xBTd:xgDAtVmB8sM/fvLUpANet2xBTd
Behavioral task
behavioral1
Sample
robinbot
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
robinbot
-
Size
130KB
-
MD5
500009d8f68330a8f82b59884a9afe47
-
SHA1
575f5e6894b1a2f7a728435487666acdb9758f83
-
SHA256
a46770913fba87921b56d789396e07cdfd68a846b2e80a77aa07e1c62f9304d6
-
SHA512
ec62621ec2e037cb9f3890486ff4fb127ee6b34657ee7c2b1e3401de5d7fa2bb554e62d5c378dd93c43a3bb0bf4d210556cf8e67c0ff8449d0c615262e94dfba
-
SSDEEP
3072:xffIDJOocVBUbd8A2W3M/fvLUpANet2xBTd:xgDAtVmB8sM/fvLUpANet2xBTd
Score9/10-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-