General
Target: 591313719348cbe85190e20afb8c391c
Size: 46KB
Sample: 231219-3anrwsdcan
MD5: 591313719348cbe85190e20afb8c391c
SHA1: b7d5663191545d09627fc4b12a1aadae4c2c01c1
SHA256: 55bf07e9c7957b493fd91fd65369d4c682c874b5cd66a0a654d38b1c98b26f5c
SHA512: 7895626cfbdf10d9d8d1c56919baf722472cad3fad60761ddfdd36f2c8503f52cabf251a568e2db9e75b0a01fa2720aa80bcbd6255f7e65d8e4cddcb32799504
SSDEEP: 768:IR7d2U3gD9giS7Wwsd6iMqrXgJc9YyKBQ7xoKIi4aJsB4c6f90P7VLp:IR7d2UQRWQsiFrX7FtIfjB8fuP7V
Behavioral task: behavioral1
Sample: 591313719348cbe85190e20afb8c391c
Resource: ubuntu1804-amd64-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
Target: 591313719348cbe85190e20afb8c391c
Score: 9/10

Contacts a large (1589898) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Changes its process name

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Enumerates running processes
Discovers information about currently running processes on the system.

Writes file to system bin folder