General
Target: 189b4d7166cb8ae5e37cbe0aeb4be1dc
Size: 74KB
Sample: 231219-2jv2wsdfb9
MD5: 189b4d7166cb8ae5e37cbe0aeb4be1dc
SHA1: 50a6062a3e844f3bd60a5f1a94b5b5f01182210c
SHA256: 5e0d0c7d812f26c59201fee046b6ddf87aa975d33741415dc35c879fc7a5e17d
SHA512: 8145d8759cd484f585d58be0b6e54264cadf40c3a4a20dccd5ca366e557fcb4a036a5eb205be9f3e573c53399850a38608c11d17c467fa78647520ea930b5fcc
SSDEEP: 1536:sTG6uNvfRaM88GcgKPn35kWKvgRU+leiIOxRnSyk:sT76RaM8j5KPn35kvgRU+0vyk
Behavioral task: behavioral1
Sample: 189b4d7166cb8ae5e37cbe0aeb4be1dc
Resource: debian9-mipsbe-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
Target: 189b4d7166cb8ae5e37cbe0aeb4be1dc
Score: 9/10

Contacts a large (42905) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Changes its process name

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Writes file to system bin folder