General
Target: botx.arm7.elf
Size: 128KB
Sample: 230428-q5s9msed57
MD5: e10d33eceea63f342e57f3c261935b85
SHA1: 0fbc5526132b457c98408190668ba364dfc80cdf
SHA256: 288cee437e602a748418bb8dff7053f6268b85e192eb29805e92c45fc81209d7
SHA512: 064a50771c0ee5120d0487a315b06fc5c106acd9cfe14a42d0be6f97e5cd61e91e3d31f9d3a2193af121648d2deb67886fd6d2c3d7c069ff6dc5c8f6dfabf5a7
SSDEEP: 3072:4MHPSeIp13MJNgSHfFBrDKiKweeS1j6VM/94LmywPoIlq:4MHPSeO3SgSHfFBXKQ3S1AM/94LmywPg
Behavioral task
behavioral1
Sample: botx.arm7.elf
Resource: debian9-armhf-en-20211208
Malware Config
Extracted
mirai
CONDI
Targets
Target: botx.arm7.elf
Score: 9/10
Contacts a large (47209) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder

Changes its process name