General
-
Target
bd81d8a2f8678b523e950743c5500629
-
Size
57KB
-
Sample
231220-q6cy2sbgaj
-
MD5
bd81d8a2f8678b523e950743c5500629
-
SHA1
eefe6ad7a2709f007cd30b8081eb0932827bfa2f
-
SHA256
4e4bfa4cea81408116ae77e7d8d6926a8fec0a902dc258b3a75128a6034548fe
-
SHA512
cca422b2ce17e7c8dc8249ff93f59e2ccc9df2bcc08d5114bc9881e43dddc996c0df67c3681828817dfd4423a649d0140f237fb614336735fa4dd986cdc09e00
-
SSDEEP
1536:tCrZuHG3Dh5Wm3umFRQwPBeagftBuHYvAxRni:tC5DVemFqMeagfXd
Behavioral task
behavioral1
Sample
bd81d8a2f8678b523e950743c5500629
Resource
debian9-armhf-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
bd81d8a2f8678b523e950743c5500629
-
Size
57KB
-
MD5
bd81d8a2f8678b523e950743c5500629
-
SHA1
eefe6ad7a2709f007cd30b8081eb0932827bfa2f
-
SHA256
4e4bfa4cea81408116ae77e7d8d6926a8fec0a902dc258b3a75128a6034548fe
-
SHA512
cca422b2ce17e7c8dc8249ff93f59e2ccc9df2bcc08d5114bc9881e43dddc996c0df67c3681828817dfd4423a649d0140f237fb614336735fa4dd986cdc09e00
-
SSDEEP
1536:tCrZuHG3Dh5Wm3umFRQwPBeagftBuHYvAxRni:tC5DVemFqMeagfXd
Score9/10-
Contacts a large (52892) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-