General
-
Target
a383f2b6ebe679229b51ce6cef92c5af
-
Size
108KB
-
Sample
231220-mh85ssded8
-
MD5
a383f2b6ebe679229b51ce6cef92c5af
-
SHA1
62ad008cedd9cd569c46082d3436e0c18c45e21b
-
SHA256
41bdd49f237f8e611ba29f43854a891da0dd235b14987f7917cba2d52ddeba43
-
SHA512
7f77020e9dc8948a95e29f5467097d4d88e64028eaa0beb90fe29656535987fc6346b56e797419ee1bf2a7694e2e93bd6f14eb354e18445f65cbe4f7113b3afd
-
SSDEEP
3072:UwCICuOPigs1LxlIBfwiFeiZzCdM/9X/O7:UwCK1gs1Lxl4wPiZzeM/9X/O7
Behavioral task
behavioral1
Sample
a383f2b6ebe679229b51ce6cef92c5af
Resource
debian9-armhf-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
a383f2b6ebe679229b51ce6cef92c5af
-
Size
108KB
-
MD5
a383f2b6ebe679229b51ce6cef92c5af
-
SHA1
62ad008cedd9cd569c46082d3436e0c18c45e21b
-
SHA256
41bdd49f237f8e611ba29f43854a891da0dd235b14987f7917cba2d52ddeba43
-
SHA512
7f77020e9dc8948a95e29f5467097d4d88e64028eaa0beb90fe29656535987fc6346b56e797419ee1bf2a7694e2e93bd6f14eb354e18445f65cbe4f7113b3afd
-
SSDEEP
3072:UwCICuOPigs1LxlIBfwiFeiZzCdM/9X/O7:UwCK1gs1Lxl4wPiZzeM/9X/O7
Score9/10-
Contacts a large (53269) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-