General
- Target: arm7.elf
- Size: 61KB
- Sample: 230428-nz5z5sdg33
- MD5: 621c71f6899c664012a9b9e34803aa53
- SHA1: e6c65c8bdc5dccdeec675be827f8dd696bd52f82
- SHA256: d890549a424bd598e80fea74f44957f5e77f0e7c425d7594461133d4ae1c2df4
- SHA512: f66e1b95114c1bd3b963d1a58ae07d92c00b032945cf1b3ae8457b8be089004f03867d936070742d31d392a1858712a211207b3a0de1ecfb6012616312f2bbe4
- SSDEEP: 1536:W6xKsW0wex1YXGouMIMDBzZejugDdo/SC8ct:WmjWotMVZEG/cct
Static task
static1
Malware Config
Extracted
mirai
KYTON
Targets
- Target: arm7.elf
- Contacts a large (95183) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Changes its process name
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.