General
-
Target
ab4d56d6837211e5fa9b6dff5a38c8fa
-
Size
49KB
-
Sample
231220-nmy13adheq
-
MD5
ab4d56d6837211e5fa9b6dff5a38c8fa
-
SHA1
459dc219df04ac43ac1719ed5417669e01c84c74
-
SHA256
238b18879df5902e3bd08c7a5adc22a8387a3bbbd889584e1316938ebeb5cc69
-
SHA512
db08783424a4546061065a0e3a4a3c404e62438c6c751494c53ee9365de5805323ff3a110de216aee780817e9820855e9b5746e9fc2fd1c350e96c278eaec155
-
SSDEEP
768:3kvmorM4OfXvjlXJ76oWoo/bgEGWKPcEYPPTgCBP1iPXENO7zDk9y/Yx4nRhEW:3/oAXv9t6MDcEYnTw0EYx4n
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
ab4d56d6837211e5fa9b6dff5a38c8fa
-
Size
49KB
-
MD5
ab4d56d6837211e5fa9b6dff5a38c8fa
-
SHA1
459dc219df04ac43ac1719ed5417669e01c84c74
-
SHA256
238b18879df5902e3bd08c7a5adc22a8387a3bbbd889584e1316938ebeb5cc69
-
SHA512
db08783424a4546061065a0e3a4a3c404e62438c6c751494c53ee9365de5805323ff3a110de216aee780817e9820855e9b5746e9fc2fd1c350e96c278eaec155
-
SSDEEP
768:3kvmorM4OfXvjlXJ76oWoo/bgEGWKPcEYPPTgCBP1iPXENO7zDk9y/Yx4nRhEW:3/oAXv9t6MDcEYnTw0EYx4n
Score9/10-
Contacts a large (75846) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-