General
-
Target
[MS].elf
-
Size
415KB
-
Sample
230227-nnwbkadc4z
-
MD5
134022ec8a791d12ffeaab4a78262ef1
-
SHA1
c5e64df54b1d71f94e9835423ff89e2c75537fd5
-
SHA256
8c8a257bc47aff1b1629adb0709ded9d4e73016c24015623acc24c966b7535f6
-
SHA512
4e301336610b35d531936c9ce057f681b6bbc5c9d0dda448aa2ced4976f2c68563dc0e221e660a428e9cfd757f8e124666b83a9ea54092d972f1cbc3d9e06ff1
-
SSDEEP
12288:i18prykKI3s4/t2mws68n8LdDILvzsr3G1:i1yrykL3z/cmws68n8LdDILvzsr3G1
Malware Config
Targets
-
-
Target
[MS].elf
-
Size
415KB
-
MD5
134022ec8a791d12ffeaab4a78262ef1
-
SHA1
c5e64df54b1d71f94e9835423ff89e2c75537fd5
-
SHA256
8c8a257bc47aff1b1629adb0709ded9d4e73016c24015623acc24c966b7535f6
-
SHA512
4e301336610b35d531936c9ce057f681b6bbc5c9d0dda448aa2ced4976f2c68563dc0e221e660a428e9cfd757f8e124666b83a9ea54092d972f1cbc3d9e06ff1
-
SSDEEP
12288:i18prykKI3s4/t2mws68n8LdDILvzsr3G1:i1yrykL3z/cmws68n8LdDILvzsr3G1
Score9/10-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Write file to user bin folder
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-