General
-
Target
faaf1c09390b150e61b0438f4aa67e41.bin
-
Size
58KB
-
Sample
230825-cev4naab6y
-
MD5
fd3362659774591744180cc63c094784
-
SHA1
79905fb2528b3393597ce6397288e395c671e801
-
SHA256
8acf1aaa4fa1d2a190f0885d1cd73e4361e4be86f2c1dbf59b40de43e652b52d
-
SHA512
a84874dbb95fad66eda1c3c8822c2e7950d3f97aedbc90e0713c61fc156da41f902eeb825a77a3928348ea0a023eaee71da7cbcdb5579bf404343fa2eddc8f65
-
SSDEEP
1536:Me2v1uir5AbrZXKMAuZGecUiXgLEyxSRb79E:Mp1uirYZX3VaVgoyx6bpE
Behavioral task
behavioral1
Sample
2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414.elf
Resource
debian9-armhf-20221111-en
Malware Config
Extracted
mirai
CONDI
cnc.condinet.cf
report.condinet.cf
Targets
-
-
Target
2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414.elf
-
Size
128KB
-
MD5
faaf1c09390b150e61b0438f4aa67e41
-
SHA1
907f907bb1d8af5abde0e865634a15dad54a4b64
-
SHA256
2e59755d2cca18a7fd0e8924fac30075fbf6402f0ebf4e4d96e4188c4d8ca414
-
SHA512
a40497998b610ad58423ec6ff7bb3c090b0ccd097da1ced3f7b84e315a5f22e821d3b76d0a33e61775d232a4dd2e3a59fc3cf6b1738a4d3c084cf9ec6f243352
-
SSDEEP
3072:FMHPp2YD4jMB2CSHfFBR5KVbweCS9j6RM/918mywPoIlq:FMHPp2VjxCSHfFBzK+XS98M/9OmywPo1
Score9/10-
Contacts a large (54500) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-