General
-
Target
SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
-
Size
26KB
-
Sample
230511-xhl1dacd4z
-
MD5
5e049ed7c60e7e05104d1d654161d868
-
SHA1
b92ecbbdd86b5197aef0752bed2bf959803298f1
-
SHA256
e61207e0bc6e69fd28d17073fb08256bc288be9ce949760dc0758d81447ed2d7
-
SHA512
6a8b0d4077ffba105d765ec326e8e8ff62492b4753559b80ff3f79c9533a06d8075e863f161638d62cf8ce0802c8820c2c32b53aff70ae52f888d79e31b292be
-
SSDEEP
768:WUnnuN5h5MO30lW1YhtXhWMbOiJgGlzDpbuR1JP:WUnurjMOLYLhWanVJuZ
Malware Config
Targets
-
Target
SecuriteInfo.com.Trojan.Linux.Generic.298766.32725.20286.elf.bin
-
Contacts a large (80678) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-