General
Target: xd.x86.elf
Size: 29KB
Sample: 230504-jwjkhsag86
MD5: 3ac9feb7bc5dd1acdd2f444a9f6874b6
SHA1: 554c03942552e6de81fd0e5b264e7e30b7076317
SHA256: 1213cfaac8894eb28d63fc974cd61396c6bf017a1aa642b5e275c2ef4dd098c3
SHA512: 6f7010a0ab12f371c25e39c772d9c78136d6a112190bf893906005f8db59b4dc07a0cd1f67eb8d955b1f09c5821305af8d6177fa37450fb2c067468dbced9546
SSDEEP: 384:MpGclfUDwDsOAFImUQSAAHCj9TKcSLJY7eoayfsqxRFpDU7/2LDVokNyqN:PcmROmIIAiNKpLJY7Pa6tpI7/SoB4
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
xd.x86.elf
-
Contacts a large (20206) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-