General
Target: 78f2363bef1d7ad993b403fbebab2aa0.elf
Size: 128KB
Sample: 230619-j9kdzacf28
MD5: 78f2363bef1d7ad993b403fbebab2aa0
SHA1: da6c73887d88b8b4b79359172c4cff3ac9566e6c
SHA256: 301fabc381411225889f33942e46ac0b70c3c9f37bfe9108271d2614deca3938
SHA512: 9c630e872f903f0fa4cb3b54e805d1fc039d9e6b64bada2e26dfbcb68d2e18423ebb3771e094d13f2ecb9a346a87894a8ea15dffab5783fc46956609532dabc0
SSDEEP: 3072:5MHPp2YD4jM82uSHfFBIFKFbwegZS9j6RM/96mywPoIlq:5MHPp2tjkuSHfFBMKO5S98M/96mywPo1
Behavioral task: behavioral1
Sample: 78f2363bef1d7ad993b403fbebab2aa0.elf
Resource: debian9-armhf-en-20211208
Malware Config
Extracted
mirai
CONDI
cnc.nullz.tk
report.nullz.tk
Targets
Target: 78f2363bef1d7ad993b403fbebab2aa0.elf
Score: 9/10

Contacts a large (49511) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Changes its process name

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder