General
-
Target
Yboats.x86.elf
-
Size
42KB
-
Sample
230514-npzqdaea9y
-
MD5
0dd4eab267503551c205232b9ae6641d
-
SHA1
b36dd30e0c301eef3fb08fd20392e1b1415d21e6
-
SHA256
0412f9793ff956afe50fded530e604ee8109da34a41b291883a1232b9181e5a2
-
SHA512
ae3eb76c7303291da64f7534539d7abfe2e4f1a7f2e8411dbbacefabebdfdc9e12985783766477192ba7d50ee60d6da8ae20657efe0931297c0c115c474bd3bc
-
SSDEEP
768:OX37YdYw/bdTLH/WMYRKz0d5zTYFC8KRceYH/JIc+PdkrnbcuyD7UVyq+:O7YYadeGzq5TYFImrnouy8sq+
Malware Config
Extracted
mirai
UNSTABLE
Targets
-
-
Target
Yboats.x86.elf
-
Size
42KB
-
MD5
0dd4eab267503551c205232b9ae6641d
-
SHA1
b36dd30e0c301eef3fb08fd20392e1b1415d21e6
-
SHA256
0412f9793ff956afe50fded530e604ee8109da34a41b291883a1232b9181e5a2
-
SHA512
ae3eb76c7303291da64f7534539d7abfe2e4f1a7f2e8411dbbacefabebdfdc9e12985783766477192ba7d50ee60d6da8ae20657efe0931297c0c115c474bd3bc
-
SSDEEP
768:OX37YdYw/bdTLH/WMYRKz0d5zTYFC8KRceYH/JIc+PdkrnbcuyD7UVyq+:O7YYadeGzq5TYFImrnouy8sq+
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (1321811) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-
Changes its process name
-
Deletes itself
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-