General
-
Target
NEAS.2b2e14bbb8b6dde01574e16b023517138b6351026eb0b5039ed0949d4f352bcb.elf
-
Size
139KB
-
Sample
231117-vnkcmace81
-
MD5
065ad122f64d6412fdd86b0917077d92
-
SHA1
99967404eb14b9089d192e525d22c58d47ce13bf
-
SHA256
2b2e14bbb8b6dde01574e16b023517138b6351026eb0b5039ed0949d4f352bcb
-
SHA512
6202c2b8ee350b2c28ebc348505d205398967c2f4f7c423de681476b0ad1cbd114b808f9b615774e15ad06d57454a109cb6aa74a671332a10e934183310ad0eb
-
SSDEEP
3072:5gH6EVnGGtYVRXaCgk9mrsplDKZUmQBKXAVanJX+F8Jyvi4hL5AJI4+3jJNx13Sp:5gH6EVnGGtYVRXaPk9mrsplDKZUmQBKf
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
NEAS.2b2e14bbb8b6dde01574e16b023517138b6351026eb0b5039ed0949d4f352bcb.elf
-
Size
139KB
-
MD5
065ad122f64d6412fdd86b0917077d92
-
SHA1
99967404eb14b9089d192e525d22c58d47ce13bf
-
SHA256
2b2e14bbb8b6dde01574e16b023517138b6351026eb0b5039ed0949d4f352bcb
-
SHA512
6202c2b8ee350b2c28ebc348505d205398967c2f4f7c423de681476b0ad1cbd114b808f9b615774e15ad06d57454a109cb6aa74a671332a10e934183310ad0eb
-
SSDEEP
3072:5gH6EVnGGtYVRXaCgk9mrsplDKZUmQBKXAVanJX+F8Jyvi4hL5AJI4+3jJNx13Sp:5gH6EVnGGtYVRXaPk9mrsplDKZUmQBKf
Score9/10-
Contacts a large (19130) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-