General
-
Target
a51b8b6661b6ea7d339a66c1100e6bdd.elf
-
Size
27KB
-
Sample
230519-xlbzksfd58
-
MD5
a51b8b6661b6ea7d339a66c1100e6bdd
-
SHA1
956730e264347a610f969e81836322426c8ccf4b
-
SHA256
0c66077d1f6f335b3e928f0506ab8f068de1987a292dbd2d5495cfb46de44a36
-
SHA512
1c97f630cc58756183856ed67582415ee9ba0ef767c7b27a1552bdb4434e9a03a3310527ff6100456b25ee463b0ef1075daa9b3bbfb7c43673fa35700a6fbf19
-
SSDEEP
768:G8bEL70kbgfQkRI7fBCwi8YGikJgGlzDpbuR1Jt:GN70kbmQ/fB24lVJuT
Malware Config
Extracted
mirai
LZRD
Targets
-
Contacts a large (20724) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-