General
Target: 532d634e636df94d048ffe5d14070515.bin
Size: 28KB
Sample: 230501-byyhfsea79
MD5: b108e67be701ed2f452c7aaaeff683a2
SHA1: 78d4fb20e16eefaa9315273724c905787161f64a
SHA256: 4fe76665822bc651a56dd715c2a834d4b6305840684b5dc8f3e06e6a378c0bec
SHA512: f611119615dd99a72d84d0ee038fdbdfb6a0c9ff34da0c922d83c21331049aa9b880d9ca9782d4f3f2d51dfd85356c2d4b324e91c38c3150ba69f89900548717
SSDEEP: 384:FETZeKazEcDXSXEmbssPsrnFGQkWIaiyQJ5JFnQNAne4NSjQEXd6VLHHfW5YITJh:YZqEmXAEiszBGQCFH7nQ3kaIrr3OTgUB

Malware Config
Extracted
mirai
UNST
Targets
Target: 828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758.elf
Size: 29KB
MD5: 532d634e636df94d048ffe5d14070515
SHA1: 79a02c1a8c9fc711c839d4b2a42609f715d3a2dd
SHA256: 828c63fa811ff30d82d3b856ed4e1005ce2a03fd14d80a34a86a5f368e18a758
SHA512: ca909cf74d8136d1fe4fc6520398278fa4e47d39e522866737e80d40e6b9468b4a57c262a9089a7b83d8a13bbcb81882d59517b17159668be66731cdd1b5f719
SSDEEP: 768:LK6ZNaTDl14+35/uPg6f3+1IisZMUzltx+HnhmyJgGlzDpbuR1Jd:L1CDn4+3MY6ftiFUht8Hs2VJu/

Contacts a large (60786) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from /proc virtual filesystem.