205547f961a4de4b727d62f35f73f295a434c2dc183194780b77fb0f0debf6da

General

Target

d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
Size

103KB
Sample

230131-x4pndshh42
MD5

376fc52b8eec5c815d56f33c9964d264
SHA1

c68a6da5efc354ee930c01ba721548ca18452180
SHA256

205547f961a4de4b727d62f35f73f295a434c2dc183194780b77fb0f0debf6da
SHA512

8f4bd70a7ed10b34817a306ddde3bb460f2cde24b3c96201af79114eada6214821c5d709de280bc6be3c35865a29d2286eb769052d94b2e3170a8cf3433bb56e
SSDEEP

1536:Jmxh3aoVOFd4zRmMSFMMSk3jdNiTieuLBBybfqx3sknMv0Hcsi2h2I1j9EL9umSz:03aoC69mNSkx+iBm5v0HHR2I1jKUmO

Score

9^/10

discovery persistence

Malware Config

Targets

- Target
  
  d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
- Size
  
  106KB
- MD5
  
  4dde761681684d7edad4e5e1ffdb940b
- SHA1
  
  2327be693bc11a618c380d7d3abc2382d870d48b
- SHA256
  
  d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8
- SHA512
  
  91a61c719128f263f9f95736d55895954cc468c74ff469ee061d35ec382c50b9165e9a5427dc46a835dac6ae0e6e1f9819632475f68b98a907b53196bd4eb02a
- SSDEEP
  
  1536:3aQiZDMyqIlMBZ/R0F4E4kcHiNq98wk9njKZjjLuYo68864sNHFEzv7Ld76divkE:KzDMyqIMBZ/R0ufhBmgZy9yNsNmPtcE
Score

9^/10

discovery persistence
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1