General
- Target: 687be0db64e721cafa547f1717c5e7d1.bin
- Size: 30KB
- Sample: 230531-bsxnzacc93
- MD5: 260859c2be8bbefaeb73f21e5c12b7bf
- SHA1: 716e511797813c284230a04ebe54ea3a6c693db4
- SHA256: 2345af96ca96d455c6ef9477297a0f47f8b16bc4f5d2a8b890468a1531e18121
- SHA512: e4717b2d7bd4c73c9f7fd667539866650780900a7672e51ccdd21773b919d761b79f41b7e16ba2cedeae2891e7d911a4db2d5574054d484aff109710c899fee7
- SSDEEP: 384:jUwdrBQ10F0fDvs8/PFkoN5dJtsC07f9rfP4pOg9XzMzaFtJpt4fBzeYhlLahI9S:jxrU/j2H4pOaMzanJpifphhohInpAQ3q
Malware Config
Targets
- Target: d11d572a1404d32ffc062ad741c29588ccd4af2da03aafa8081d059119e2bfd7.elf
- Size: 31KB
- MD5: 687be0db64e721cafa547f1717c5e7d1
- SHA1: c817451dc6d72adfe602330fa333058db45d7963
- SHA256: d11d572a1404d32ffc062ad741c29588ccd4af2da03aafa8081d059119e2bfd7
- SHA512: f1504959e986f1b751776a81115fb214788b673b4bb9d4f80cb6826795a43e3077df74e1404dc85e16725b8fc17fe50856b25b5d887bd3718304edd23de748d5
- SSDEEP: 768:JgmeI3ZV7A/9k9mPf+JOcEXVigSwPPnNOoslXh1YSU6DCJgGlzDpUYsyU:Jn3H0/W90fMFai+k/VGVqYZU
- Contacts a large (167468) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Changes its process name
- Deletes itself
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.