General
-
Target
84a88b40d9e2fe36e6a73b93898dddc2.elf
-
Size
30KB
-
Sample
230513-zd5m2ahc53
-
MD5
84a88b40d9e2fe36e6a73b93898dddc2
-
SHA1
3236d5a9361d89f1355259ccb27a5c575aff7492
-
SHA256
9ee35bb8aa6a7e7178ea47530bcb11f77669111b77953b96881e10c94a8b9ee9
-
SHA512
aa77ee885c4063e734e79538d74b03fb1e78d3cc8b4c6d52da12c77ec78f8e7c97e431d5701880e8ce0a33e99a5c719e11d4af811e1ec7840c9cec71e992661b
-
SSDEEP
384:M7j+HABXrVZpAqNCADhauGewNXmQ55BryYxN4TkTJBkeksweuotb+ZHpZwDnHqmk:hHKXrVZpAqXzGe4H5eCueFOZJZIHqmQT
Malware Config
Targets
-
-
Target
84a88b40d9e2fe36e6a73b93898dddc2.elf
-
Size
30KB
-
MD5
84a88b40d9e2fe36e6a73b93898dddc2
-
SHA1
3236d5a9361d89f1355259ccb27a5c575aff7492
-
SHA256
9ee35bb8aa6a7e7178ea47530bcb11f77669111b77953b96881e10c94a8b9ee9
-
SHA512
aa77ee885c4063e734e79538d74b03fb1e78d3cc8b4c6d52da12c77ec78f8e7c97e431d5701880e8ce0a33e99a5c719e11d4af811e1ec7840c9cec71e992661b
-
SSDEEP
384:M7j+HABXrVZpAqNCADhauGewNXmQ55BryYxN4TkTJBkeksweuotb+ZHpZwDnHqmk:hHKXrVZpAqXzGe4H5eCueFOZJZIHqmQT
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (74977) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-