General
Target: 387c617d575a85d4a5846afa2bde9b7f
Size: 130KB
Sample: 231219-2xt2rafgbn
MD5: 387c617d575a85d4a5846afa2bde9b7f
SHA1: 4354dd8123abdd4bf9792d5025bac4743e5af24b
SHA256: be4eb1815aa757b3894ae478a8bd60fd125d4b553077c11ffd23f9e7babd7a7c
SHA512: 1626a0f7f7a923832f0efe0055f3bd05c758da6188fcc05c3bd54e13d57863d209d7c94b90a8508c528dfef240b4d13f596fe697c10296a54030681d4932b61a
SSDEEP: 3072:iGRzaGhMNs5ausL0f2YNIy3+tuCf+iCgtM/9HO+:iGRzZMq5ausL0f2kI7Hf+iCGM/9HO+
Behavioral task: behavioral1
Sample: 387c617d575a85d4a5846afa2bde9b7f
Resource: debian9-armhf-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
Target
387c617d575a85d4a5846afa2bde9b7f
Score: 9/10
Contacts a large (53614) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-