General
Target: 1fdbe8b4d15689aa3d88664929b6fbac
Size: 38KB
Sample: 231010-a2vqasbe24
MD5: 1fdbe8b4d15689aa3d88664929b6fbac
SHA1: 971142c753fe42683da806fc330e05dffc646fe0
SHA256: 8655e31b935f2100b47a54fb2a90ed499043d5b0f57fd18e0dcfb71bd51cd471
SHA512: 83ac25e24b36a72e6657850ca2485b2a92cf80c34eabad79a404f5c1f7ee4d85f9396e2a8915b4b136dc87dc2a820cb8f7554d50c75df2b8599fe2ed913641b6
SSDEEP: 768:mzZvp81hWmfYM7DK+0iAHry4CAZzrdzZ/oDFKjqPrtaIY464WRY:mdp81QuDKaZVAZHdzZ/+FgisJU
Static task
static1
Malware Config
Extracted
mirai
KYTON
Targets
Contacts a large (79802) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-