General
-
Target
3510ab0d3074eaf1f687df76d8d626d7
-
Size
25KB
-
Sample
231219-2wk3fsfbeq
-
MD5
3510ab0d3074eaf1f687df76d8d626d7
-
SHA1
c8cc70bfe8c600b1baa80769e0419d5a7a483a08
-
SHA256
b2c054b1cf5f1ac2542e23fa8fbf3f05f401183ce42c49d9cb499579097eb85c
-
SHA512
f16268d4ba621900631157fa6a69ae95359f35d79edfeb29a6cdc092834665b0e6f511f5633cb91bad2d73897d60aca7152acf10409f6152f5714ca40f6b7ebb
-
SSDEEP
384:MwkwBq1OtGyvXJ3DDtbe9Ok7SlGE0zdemZ8FkgtGnJgJH2ELv1R7:Qz1Jyfpg2lT6dJZWlVck7
Malware Config
Extracted
mirai
cnc.sinsforgiven.xyz
scan.sinsforgiven.xyz
Targets
-
-
Target
3510ab0d3074eaf1f687df76d8d626d7
-
Contacts a large (163446) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to system bin folder
-