General
-
Target
5ab07ac5d58562b6733dc8226ef1d44a
-
Size
127KB
-
Sample
231219-3ba77adedk
-
MD5
5ab07ac5d58562b6733dc8226ef1d44a
-
SHA1
d7387170d49e3e481b892c1fbcb6d4c5d9ed2ca4
-
SHA256
b46030b1725dc6166f5d69511cd33bf7ce2c07cfb29282d95841b8ca8c821ded
-
SHA512
558edea154863de71c63ef9e9e0d4f5303a19fb53967a859314760990b17d94c6feed429bef49893681e28536ca5a61a5c1ef6a4cf5b2f9f8b8020cf65ed4d5d
-
SSDEEP
3072:r5fDwnuX9azII1j4BqfwSDWZmgGP+AgyM/9G9L+:r5fuq9azII1j4MfAsgGP+PyM/9s+
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
5ab07ac5d58562b6733dc8226ef1d44a
-
Size
127KB
-
MD5
5ab07ac5d58562b6733dc8226ef1d44a
-
SHA1
d7387170d49e3e481b892c1fbcb6d4c5d9ed2ca4
-
SHA256
b46030b1725dc6166f5d69511cd33bf7ce2c07cfb29282d95841b8ca8c821ded
-
SHA512
558edea154863de71c63ef9e9e0d4f5303a19fb53967a859314760990b17d94c6feed429bef49893681e28536ca5a61a5c1ef6a4cf5b2f9f8b8020cf65ed4d5d
-
SSDEEP
3072:r5fDwnuX9azII1j4BqfwSDWZmgGP+AgyM/9G9L+:r5fuq9azII1j4MfAsgGP+PyM/9s+
Score9/10-
Contacts a large (52901) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-