General
-
Target
630a21057c70a10fcf1162846d05e245.elf
-
Size
1.9MB
-
Sample
230317-w213zabe5y
-
MD5
630a21057c70a10fcf1162846d05e245
-
SHA1
4644672a3b834ba7674c9528757c415eccc1ac27
-
SHA256
29988f877c82dbe27b9322f462af2a742e90073a262a57eaa37d6bed4f310d0a
-
SHA512
36d5cddaa10850bf18cf7704d0a845addd2677f68a7cb68e1b5cc8cf8d29bd717344cae70c3b03c41419afb87e8dd395b1a94d3730965ef1d1c67a69bec21dfd
-
SSDEEP
49152:XXPVKrbvGOQLeS7rb/TCvO90d7HjmAFd4A64nsfJrkaani38q4B+g2vUqHOErz1:tPXZz
Static task
static1
Behavioral task
behavioral1
Sample
630a21057c70a10fcf1162846d05e245.elf
Resource
ubuntu1804-amd64-20221111-en
Malware Config
Targets
-
Score
9/10
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies Bash startup script
-
Write file to user bin folder
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-