General
Target: 80677f3fefcb4903824992e35c57c96f
Size: 36KB
Sample: 231220-dw8azsdbb9
MD5: 80677f3fefcb4903824992e35c57c96f
SHA1: 9078503d91dd6c41f55827ca98d4e15521258f41
SHA256: 5df44f790926fb1d3e56cc234ee2230e92b76a010c7b4a7a2d9e0648c50e671e
SHA512: ac917785620f872835b66ac6fc4ebfae549d1235ad8573f024667366e6c4c90c82296a81e0dd0800040cb3257fc27c887a7411845ff869f12102301a62c35de2
SSDEEP: 768:gBPDYajoPKP1/b8bdtQSGvhIAL/TKuGsyRzIfP:+YajoP+hb8htg/+uGs6zIfP
Behavioral task: behavioral1
Sample: 80677f3fefcb4903824992e35c57c96f
Resource: ubuntu1804-amd64-20231215-en
Malware Config
Extracted
mirai
DISTORTION
cnc.bonkers-botnet.xyz
scan.bonkers-botnet.xyz
Targets
Target: 80677f3fefcb4903824992e35c57c96f
Score: 9/10
-
Contacts a large (57575) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Writes file to system bin folder
-