General
-
Target
32772fc9743b4ab0dd322f3c6add4f5a
-
Size
94KB
-
Sample
231219-2vnrysegbj
-
MD5
32772fc9743b4ab0dd322f3c6add4f5a
-
SHA1
9a71d5e1c04cc22b8c5b0613585a4d878f62467e
-
SHA256
270aa3f5f21ae6388fad6a787dfc8cc99e6486f60b9c28889e0c58379003ba26
-
SHA512
a8f6f26d13904c2fc9119df24b739b9e580ffd1a29ffc006de899f69fa0ef72a6b9524924aabe858d02f5fe939b78e2e6ff1abdf798695c48bda12f716ebfb40
-
SSDEEP
1536:PY+ZfysbXDhbGDds1IULkxn3GO0Z2RDjmTq+URVebz82wSxRn55G:g+xywRGD9ULkdGO0Z2UTq+URm9g
Behavioral task
behavioral1
Sample
32772fc9743b4ab0dd322f3c6add4f5a
Resource
debian9-mipsbe-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
32772fc9743b4ab0dd322f3c6add4f5a
-
Score
9/10
-
Contacts a large (296790) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to system bin folder
-