General
-
Target
6b51c3b90356f14a217f35cfa4b999a2
-
Size
94KB
-
Sample
231219-3hdxnagdbj
-
MD5
6b51c3b90356f14a217f35cfa4b999a2
-
SHA1
338603d2195804bdf36c429ecaf3f6a9abd36265
-
SHA256
837970c582f34b2d24e0e8ca9852eb97b461d512cd9e90e134967dae990e9151
-
SHA512
d131feacdd790d382585e48eec8f863c3a9cd443ba7f7a3a7b1bcfb3b67ba842a1ddcd654e6c124fb1df4976a3063790ef88c78090190d0f6d719771db8153cf
-
SSDEEP
1536:PY+ZfysbXDhbGDds1IULCxn3GO0ZcRDjmTq+URVebzDVnSxRn55G:g+xywRGD9ULCdGO0ZcUTq+URmqg
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
6b51c3b90356f14a217f35cfa4b999a2
-
Size
94KB
-
MD5
6b51c3b90356f14a217f35cfa4b999a2
-
SHA1
338603d2195804bdf36c429ecaf3f6a9abd36265
-
SHA256
837970c582f34b2d24e0e8ca9852eb97b461d512cd9e90e134967dae990e9151
-
SHA512
d131feacdd790d382585e48eec8f863c3a9cd443ba7f7a3a7b1bcfb3b67ba842a1ddcd654e6c124fb1df4976a3063790ef88c78090190d0f6d719771db8153cf
-
SSDEEP
1536:PY+ZfysbXDhbGDds1IULCxn3GO0ZcRDjmTq+URVebzDVnSxRn55G:g+xywRGD9ULCdGO0ZcUTq+URmqg
Score9/10-
Contacts a large (120646) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-