General
-
Target
x86.elf
-
Size
28KB
-
Sample
230428-nz5z5sff6t
-
MD5
8bfd27fc20555a7d05cd59a6cee595dd
-
SHA1
5bc18649490e7d357aa090cc65890f5ab14df229
-
SHA256
12da7aac18b2a6cf3f1cec92cc21616087faaf5a469b3985d08bed24ee65a296
-
SHA512
7f3217bbe0aa80b64c5caa2ee0ebcd2c0784336bebf91dd565e0dc8e0e2ed337f5a3f27fd5816ae35f1dac600080ac49ab8cc6b2de2fb650a85514516bf6224a
-
SSDEEP
768:DYicrAqMzfOw7v6ZtlHV/5Haz6RGPbTHhVnbcuyD7UryqM:0zAVfbveHn6z5Pnouy8mqM
Static task
static1
Malware Config
Extracted
mirai
KYTON
Targets
-
-
Target
x86.elf
-
Size
28KB
-
MD5
8bfd27fc20555a7d05cd59a6cee595dd
-
SHA1
5bc18649490e7d357aa090cc65890f5ab14df229
-
SHA256
12da7aac18b2a6cf3f1cec92cc21616087faaf5a469b3985d08bed24ee65a296
-
SHA512
7f3217bbe0aa80b64c5caa2ee0ebcd2c0784336bebf91dd565e0dc8e0e2ed337f5a3f27fd5816ae35f1dac600080ac49ab8cc6b2de2fb650a85514516bf6224a
-
SSDEEP
768:DYicrAqMzfOw7v6ZtlHV/5Haz6RGPbTHhVnbcuyD7UryqM:0zAVfbveHn6z5Pnouy8mqM
-
Contacts a large (105632) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-