General
Target: nag.x86.elf
Size: 24KB
Sample: 230429-18g1wsec6t
MD5: 385c82b44c2faea9bc27922489453bbc
SHA1: 007431c8f2918833639bb37be1c668cba46b3a9a
SHA256: 3f87eb0835bbb7fd5913d551b476cbd72837c4176bcbc0038ba898589a0f7888
SHA512: 1c322c8b88af7e4dd480869cf50452bc73fb5572088f0b68f9a1bff22263deee8b326e63c31107d85956964a286193323e55dd22c3c1b800876a85a276b522cf
SSDEEP: 768:I8/etIPotzrv6xFiHhCRpMiaqDanbcuyD7UyQRjI:StIUryxFiBKOFuanouy8yys
Malware Config
Targets
-
Contacts a large (46394) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name
-
Deletes itself
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-