General
-
Target
3128bffe8b7ec9bcfcf2a761fd4958d6.elf
-
Size
48KB
-
Sample
230503-tfmx4shb5y
-
MD5
3128bffe8b7ec9bcfcf2a761fd4958d6
-
SHA1
b938e0e0aca26825d991abd489f5bc07f81447b4
-
SHA256
f37156d08947cadc02b422cd99d539f8599dcabce959838cd77aa510060195ff
-
SHA512
11f0c59836cbc22b569bafda7e92276f34185f3ede5fce6eb61d5c8b16b5afb7777da3a4f6e5f50879bf3e661fe4cd3d6d56d3ea9d27e74252349c128502c48c
-
SSDEEP
1536:zzIVF/thIhT9sqavNL9YdyNXV7yixQnHY:zzkb8RsqalL90yNXV+ix64
Malware Config
Extracted
mirai
BOTNET
cnc.kintaro.cc
Targets
-
Target
3128bffe8b7ec9bcfcf2a761fd4958d6.elf
-
Contacts a large number (94468) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-