General
Target: lscpu
Size: 18KB
Sample: 230509-kn67aagh8s
MD5: 238f500e74164a32a86646792d56accd
SHA1: fa2516c644d18ea74684c13d0f2140607acce7b8
SHA256: 77e54b206b632f707f03acdce2cae28f539517e50ed9c24755258106ff61c61f
SHA512: e2c7596786ff73b6793b7dc94a112ab6c090b2f1874c1e2e6080793bd98208d76fc2010beeded541ed0c98d7f07d372fc8aeb4bf2ddf4850b0ef1e354f1a2d2d
SSDEEP: 384:MveHKBGXaLKbt3PSgArJK2dRQQeCPKlFYiyGgQVyXxIgFs70ukuReQLq51R:lQGXiuK902dRECPWlcXTs7iR
Malware Config
Targets
Modifies the Watchdog daemon
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

Changes its process name

Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.

Reads system network configuration
Uses contents of the /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from the /proc virtual filesystem.