General
-
Target
botx.arm7.elf
-
Size
128KB
-
Sample
230808-db6awsbg6x
-
MD5
83ec7db07d15829b11b321032e5efc69
-
SHA1
929e564986e2bb2304d6bc786b6f980f60d1fad3
-
SHA256
6d90204a61664400748f7eacc74b6e98ceee8211ca563989e0ec1e889885ce13
-
SHA512
6ab7377cf1188ddac1f37ad34f9121fb763a41a444a9dbb1e5d6a6afc09fefa7a8a0626f61fd9f0f60d8788422d36df16ddae35264c5e76024fe611ddd27d6c3
-
SSDEEP
3072:FMHPp2YH4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2ZjxCSHfFBzK+XS98M/9OmywPo1
Behavioral task
behavioral1
Sample
botx.arm7.elf
Resource
debian9-armhf-20221111-en
Malware Config
Extracted
mirai
CONDI
cnc.condinet.cf
report.condinet.cf
Targets
-
-
Target
botx.arm7.elf
-
Size
128KB
-
MD5
83ec7db07d15829b11b321032e5efc69
-
SHA1
929e564986e2bb2304d6bc786b6f980f60d1fad3
-
SHA256
6d90204a61664400748f7eacc74b6e98ceee8211ca563989e0ec1e889885ce13
-
SHA512
6ab7377cf1188ddac1f37ad34f9121fb763a41a444a9dbb1e5d6a6afc09fefa7a8a0626f61fd9f0f60d8788422d36df16ddae35264c5e76024fe611ddd27d6c3
-
SSDEEP
3072:FMHPp2YH4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2ZjxCSHfFBzK+XS98M/9OmywPo1
Score9/10-
Contacts a large (50272) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-