General
-
Target
6f35104a34e9387f3963dfe7e92f30fa
-
Size
109KB
-
Sample
231219-3vz1nacfg4
-
MD5
6f35104a34e9387f3963dfe7e92f30fa
-
SHA1
2a75e8ab821d8b3324028ae6da6a21732c0fd5bd
-
SHA256
21f7ba43e7293b5eef06d67f0574ffe291a5346b7799bea9dbb4a945f9614aef
-
SHA512
8aa9f14edb8c567c67440133992237cf44ef3259937834c6631ffb7188ed27af122ea36b6ae769a4c63271b3273264ad47b6a1f01fd713a3547ed07af17f8938
-
SSDEEP
3072:R0fOdOiMRyssfthw04XiuaXV6rMM/9FhO7:R0fOcyssfthl45aF6gM/9XO7
Behavioral task
behavioral1
Sample
6f35104a34e9387f3963dfe7e92f30fa
Resource
debian9-armhf-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
6f35104a34e9387f3963dfe7e92f30fa
-
Size
109KB
-
MD5
6f35104a34e9387f3963dfe7e92f30fa
-
SHA1
2a75e8ab821d8b3324028ae6da6a21732c0fd5bd
-
SHA256
21f7ba43e7293b5eef06d67f0574ffe291a5346b7799bea9dbb4a945f9614aef
-
SHA512
8aa9f14edb8c567c67440133992237cf44ef3259937834c6631ffb7188ed27af122ea36b6ae769a4c63271b3273264ad47b6a1f01fd713a3547ed07af17f8938
-
SSDEEP
3072:R0fOdOiMRyssfthw04XiuaXV6rMM/9FhO7:R0fOcyssfthl45aF6gM/9XO7
Score9/10-
Contacts a large (53256) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-