General
Target: a3e3ce2457cb9250c1859c8111cf2e14.elf
Size: 27KB
Sample: 230503-tfmmcafb99
MD5: a3e3ce2457cb9250c1859c8111cf2e14
SHA1: 875e7131f699802f06c0c05748f69dd7fb56d7f8
SHA256: b8e7275225b044f5f6a2b96341e61731fd1791daa599e6aa819c759f3d6ceb71
SHA512: 0f27ba21b227c5904a68f1c09e5f2ad5220aa2a54482f1659b5ae6f2ea909d5ada977cc915c19542edcb580dff9d8037083a5122765d7dd3adabeee946fd5400
SSDEEP: 768:O1Jnr9HMs0aNafCBtoGKYF3cTXmfhulIKWy:c9lpSli3ce9K
Malware Config
Extracted
mirai
BOTNET
cnc.kintaro.cc
Targets
-
-
Target
a3e3ce2457cb9250c1859c8111cf2e14.elf
-
Contacts a large (97491) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-