General
Target: botx.x86.elf
Size: 50KB
Sample: 230619-jx87kadg2t
MD5: a147fd7f6b23285ef215a05d5f3884e4
SHA1: 183e6f5d2dd9a95c8ba214f1f81134297fffb494
SHA256: 66dccdec81b69c25ccfa292d8281a9715a640e45ae0989502190fbcbdcc19658
SHA512: 8d64e25eca6b9e3163958623678b94f1c78610eb41c85d85029b6241265ce1ec87d67397cfb618d7ccab5c7ea42fca9730a6608771eaa05e7427662e0221ac0a
SSDEEP: 768:ytYRSjaQ9DaZ/oJlExakbMqu8iuIkvKy+h1laTm/4RsvKQLDJCgMjz:WYRSjaCu1wlPGIly+hXaq/4G3LNCgMv
Behavioral task
behavioral1
Sample: botx.x86.elf
Resource: ubuntu1804-amd64-20221111-en
Malware Config
Extracted
mirai
CONDI
cnc.nullz.tk
report.nullz.tk
Targets
Target: botx.x86.elf
Score: 9/10
Contacts a large (57949) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Changes its process name

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder