General
-
Target
meow.x86.elf
-
Size
29KB
-
Sample
230426-hh292ahe5t
-
MD5
a856ca530934591abd623f8656c89852
-
SHA1
89db3ddac29e9ac4b8c7471c91399ebf2c76fe78
-
SHA256
674951eac1bc09caa76859b03ef08df469413f1b4966f5827aba25953e25dae9
-
SHA512
06939283c4dd2987032b0cd56f66fc24847aefddcd10c2f69fd762d1df06f88a7a92ae5f982c498a44408efcc62ef9dd959aab483c1cb401b08a455af6ac7da4
-
SSDEEP
768:51XI5lPlSF26OqBC9ruraMvi1U2VCPRKsLzukv7ji:DaUv7C9qaiiTsLzuC7m
Malware Config
Extracted
mirai
bn.vboot.pw
Targets
-
-
Target
meow.x86.elf
-
Contacts a large (243837) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-