General
-
Target
d00e880bfd7598454a0a8e60cbae6f66.elf
-
Size
24KB
-
Sample
230525-1tbwbsdc2x
-
MD5
d00e880bfd7598454a0a8e60cbae6f66
-
SHA1
025e99dec0ea271023007644377a8a3d69c1879a
-
SHA256
c90e2b54921ab6553e2567c34b4f7b1ced31c18b0b826bc0e8971f6cda3af898
-
SHA512
b8ded24e673fc15a68d782bf962075623d5aa35943c65594c5191add309d2f9207c2337b53393c71105632406ef8d92254492770205d8cc4a782db397522b41b
-
SSDEEP
768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpSIZqSWvU:4QlS07FUXqIYSXQKquNqs
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
d00e880bfd7598454a0a8e60cbae6f66.elf
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Writes file to system bin folder
-