General
-
Target
binsh.sh
-
Size
300KB
-
Sample
230704-s5gxqagf6y
-
MD5
106a736477f5e6efc07bdea0249986f9
-
SHA1
b8cb63180aad940b1356e310e9bcbfee30a028b5
-
SHA256
e629334def73be9e166ecdd9d5d73d6be97ef7f7d16f05383892332acb324b73
-
SHA512
85892182987a55f12a295c6bca9a4eb104b0a1c6c42670fa1b3ba274bfc7a3f2d522daea0022c09181c57cc1024ea21812300f189ef707e2dd66f775adbf3576
-
SSDEEP
6144:p3lOYoaja8xzx/0wsxzSigabE5wKSDP99zBa77oNsKqqfPqOJ:p1CG/jsxzXgabEDSDP99zBa/HKqoPqOJ
Behavioral task
behavioral1
Sample
binsh.sh
Resource
debian9-mipsbe-20221111-en
Malware Config
Targets
Target
binsh.sh
-
Score
8/10
-
Contacts a large (534) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Writes file to system bin folder
-