General
-
Target
42eca5af3ea9b13d88404974c1720197.elf
-
Size
44KB
-
Sample
230430-1nrdtsda29
-
MD5
42eca5af3ea9b13d88404974c1720197
-
SHA1
4caa835eefa6ad74817384123292814cad31149e
-
SHA256
e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf
-
SHA512
763e72ac779f305d64b135f5a4bcf6feba4dbc5274b51236a2447f8f7aeb2613be0fdd3593fd1f596b30736c04011b7ffea9077244900e3c7a4205ead8ce96ec
-
SSDEEP
768:fJS4GmW3BHKBa0BJXEALN5oSWgjYS62j5Zg3lyReMGXTUAiflWz:bGmqga0BJXEALNWghjaly0PTUAis
Malware Config
Extracted
mirai
KYTON
Targets
-
-
Target
42eca5af3ea9b13d88404974c1720197.elf
-
Contacts a large number (112284) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Writes file to system bin folder
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-