General

  • Target

    Cronusx86.elf

  • Size

    28KB

  • Sample

    230529-s1bvxace22

  • MD5

    113ef39de724b1550e48578cebdd62d4

  • SHA1

    a75e6de60426ce12fd3db98fa0facb1100bfd84e

  • SHA256

    99a08311f2eb23b34a5f1c58462ac8657a4f76ff7941de2ed4dbdc89af4fcd5a

  • SHA512

    1481594e38a361c66979f90f98baf1de85cb3aace88cbde2961898afba9daa1b31d8a240814558a3cd68cdeef0b68c0eb4a0461f022916334af1a4fb553241e0

  • SSDEEP

    768:VkAl0OCw3/AUK1BdPJGWnwckFX6rgYvP/C/+daKP:uqz3/AUYBPGEw1YgYvP/++dao

Targets

    • Target

      Cronusx86.elf

    Score: 10/10

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (360456) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
