General
Target: b3astmode.x86
Size: 27KB
Sample: 230429-hrtn9aab47
MD5: 03131d436afb62e6632944dae320979f
SHA1: db78ded95196d8e671b2f2136e90427885788715
SHA256: da62b86b8ccb705b060d91a343fd58c2bccd0118b1f9d2ff2a883c2ead091c5e
SHA512: ca3a26af5730ca43ff53544a23066e098dd4862f7ce627905d11b3d7ac89c00a597720d8c3134639314af89318f538270d68133c771de709cf729a94222897e6
SSDEEP: 384:MAZ83WvukT8nkIhpEIsYlDd4aIefzm70u9fAhCPj14AaJFA0jHIjW9GgD4duxlfC:j+Wv/CnpEQgefzMZUkRvVi4zGYtT3Ay
Malware Config
Extracted
mirai
UNST
Targets
Contacts a large (69098) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.