General
-
Target
bd8c65affa470f7065db06be0a623574.elf
-
Size
5.1MB
-
Sample
230322-j555wahf5w
-
MD5
bd8c65affa470f7065db06be0a623574
-
SHA1
1117971925758354e4dc29d8ad2a381258c88a41
-
SHA256
850bba518a88aa16d6cd99e47ca5c090cb03db132ea735e3b08e85b6a57ce315
-
SHA512
66edcc2f08537897bee8328b3c4eafa5e13b6eaff77481a5089026c58064424df568331b36f9288d16bacf90bafcc72cb059059531c87e7651bfaffc889b6469
-
SSDEEP
24576:f0hITSaxCsmLTRScFkLwYgib6kEVtQ2gLApZf3vrTXKWXDReUHxeR7j81v9oT19b:GsLSjzCX1H9qzaiKRFjhIlkK1VI1V
Malware Config
Targets
-
-
Target
bd8c65affa470f7065db06be0a623574.elf
-
Size
5.1MB
-
MD5
bd8c65affa470f7065db06be0a623574
-
SHA1
1117971925758354e4dc29d8ad2a381258c88a41
-
SHA256
850bba518a88aa16d6cd99e47ca5c090cb03db132ea735e3b08e85b6a57ce315
-
SHA512
66edcc2f08537897bee8328b3c4eafa5e13b6eaff77481a5089026c58064424df568331b36f9288d16bacf90bafcc72cb059059531c87e7651bfaffc889b6469
-
SSDEEP
24576:f0hITSaxCsmLTRScFkLwYgib6kEVtQ2gLApZf3vrTXKWXDReUHxeR7j81v9oT19b:GsLSjzCX1H9qzaiKRFjhIlkK1VI1V
Score9/10-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies Bash startup script
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-