General
-
Target
28f2d15a7bae63fdb620eccf7a05f38b.elf
-
Size
55KB
-
Sample
230529-ts3t4ada9z
-
MD5
28f2d15a7bae63fdb620eccf7a05f38b
-
SHA1
68f89a0704af09b90fa0052a5f4d907fb4d6b18c
-
SHA256
33a99c61e56fe78994777d4bae62862ec22e2e7e1289c1546913c1cad0728217
-
SHA512
876a50d5dad4f563549393ffdbe57573b7bf2d303b413ddae4a693891eea3d0764690cb0467130de82a37792fcdd77664a21b749c9ce872d17cc95b276dbb100
-
SSDEEP
1536:3qdcbpON3LGFXB4Foq3TxuWUPgWvdm6x2CT:3GUziocvUPjPcCT
Malware Config
Targets
-
Contacts a large (178812) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-