General
Target: b1b78459677cdeac6941f148cb62bb1d
Size: 30KB
Sample: 231220-pgfg7sbhb3
MD5: b1b78459677cdeac6941f148cb62bb1d
SHA1: 514c3d6442f464ae93bb4c881c9a575128e055dc
SHA256: 55646ad45ebbb3e16077f804b50a463c7c197642191beb7918a5ed3011be0024
SHA512: 0dc6b93e718090bac3d2eab015ea41dc326f77ac453c79d80ba2ef7459c609f4551a60008b025ddd4e1a538ccf551e3c3555fc77c323e491bb36aebd2f50a49c
SSDEEP: 384:fdCXZGKFibyb3dgfHlNFH9KiHsfKS70w+/d5uj/BcYgP27V9wMhscJ1B99TfsRjp:sJGAiKGvlbucDE/UP2jnJ3fIjLhK98n

Behavioral task: behavioral1
Sample: b1b78459677cdeac6941f148cb62bb1d
Resource: ubuntu1804-amd64-20231215-en
Malware Config
Extracted
mirai
LARRY
cnc.junoland.xyz
scan.junoland.xyz
Targets
Target: b1b78459677cdeac6941f148cb62bb1d
Score: 9/10

Contacts a large (54344) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder