General
-
Target
a57272b705b11bf0eadf67c949da346f
-
Size
78KB
-
Sample
231220-msyf2sbbdr
-
MD5
a57272b705b11bf0eadf67c949da346f
-
SHA1
3649d3157e3f590c9bcee48d8fd57d4cd1f8fdc8
-
SHA256
72bb27733964352bbc502f5f59f0e3af5ada55a2faa4be1eb45ee4c057e6bd00
-
SHA512
a88b4d3b5d5fd97779be8fcb241a42e82736a16347198213846f285741accbb3dfa726facbae11c615bc756c51b1cb5e13f97f19d6f3c8385fb5a8bfdf532703
-
SSDEEP
1536:h8lSsCpWC44E8t45I/b3zz1TT5ChADpnYspa/ieeC2qdS2qEHHEGyxRnr:h8ss784Mnx1aADpnYb/ieeC2aq3
Behavioral task
behavioral1
Sample
a57272b705b11bf0eadf67c949da346f
Resource
debian9-armhf-20231215-en
Malware Config
Extracted
mirai
BOT
ch.silynigr.xyz
horse.silynigr.xyz
Targets
-
Score
9/10
-
Contacts a large (286581) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-