General
Target: 42eca5af3ea9b13d88404974c1720197.bin
Size: 43KB
Sample: 230502-bsrsqahc69
MD5: 6d85a104ccda45cb5b98005653af7106
SHA1: c4eff2b8f3883399e8f589ee823a4ee5dd62deb4
SHA256: aa1c150c5db559da04672b4774e228a28f7e27cf5db770f5c5f41d764ee4417f
SHA512: aa714957b92429e6ad0d219b989fb4b49ef7e77719ca17ffbe6bec4811dcbc5dab68cb34acc6743c77f27d35dc21ebea9c8fea988a2eee3358e3fb04ca2ae61e
SSDEEP: 768:kdzBbpHI4p8zYl3wTfyF5tveLHK8fpACmHwnH/wpvdf6a8d2eiGjIKAMI8Ye20:eRpHI4z1VF5tzKACmHC0wp2eiGjIKLIw

Malware Config
Extracted
mirai
KYTON

Targets
Target: e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf.elf
Size: 44KB
MD5: 42eca5af3ea9b13d88404974c1720197
SHA1: 4caa835eefa6ad74817384123292814cad31149e
SHA256: e049a4f5e8bccb9767124feb8a4eb55ab4715194630efabfa66ff929a3217cbf
SHA512: 763e72ac779f305d64b135f5a4bcf6feba4dbc5274b51236a2447f8f7aeb2613be0fdd3593fd1f596b30736c04011b7ffea9077244900e3c7a4205ead8ce96ec
SSDEEP: 768:fJS4GmW3BHKBa0BJXEALN5oSWgjYS62j5Zg3lyReMGXTUAiflWz:bGmqga0BJXEALNWghjaly0PTUAis

Contacts a large number (112444) of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows
This may indicate a network scan to discover remotely running services.

Modifies the Watchdog daemon
Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.

Writes file to system bin folder

Changes its process name

Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.

Reads system network configuration
Uses contents of the /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from the /proc virtual filesystem.