General
-
Target
da93efc1cca2bbfbf0ec0c69aaa8e7f4
-
Size
108KB
-
Sample
231220-s3aevshgcr
-
MD5
da93efc1cca2bbfbf0ec0c69aaa8e7f4
-
SHA1
f29e5f81c9d397778fd807b8c8e00ac722f05092
-
SHA256
2ea7a99018a873a566c5b842a95199b6fe97213da81a8805c4db652a231b6e4e
-
SHA512
505a58c5d97cb5fcfbc778bde6c97381ff8e7c84417b96530698ccb7c4a521c72680cb121146b151e1ddd9b571a2b145869d6807f58f31196f12656a221b89fa
-
SSDEEP
1536:ONn8FLw8jCm+T72WPTDlCs1LxlbKt2lXBNiFwFMofx4nNiZvCBPzw/9Z2jUE9O7:hwmlAPflCs1LxlZBKwFdiiNChM/9gPO7
Behavioral task
behavioral1
Sample
da93efc1cca2bbfbf0ec0c69aaa8e7f4
Resource
debian9-armhf-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
-
-
Target
da93efc1cca2bbfbf0ec0c69aaa8e7f4
-
Size
108KB
-
MD5
da93efc1cca2bbfbf0ec0c69aaa8e7f4
-
SHA1
f29e5f81c9d397778fd807b8c8e00ac722f05092
-
SHA256
2ea7a99018a873a566c5b842a95199b6fe97213da81a8805c4db652a231b6e4e
-
SHA512
505a58c5d97cb5fcfbc778bde6c97381ff8e7c84417b96530698ccb7c4a521c72680cb121146b151e1ddd9b571a2b145869d6807f58f31196f12656a221b89fa
-
SSDEEP
1536:ONn8FLw8jCm+T72WPTDlCs1LxlbKt2lXBNiFwFMofx4nNiZvCBPzw/9Z2jUE9O7:hwmlAPflCs1LxlZBKwFdiiNChM/9gPO7
Score9/10-
Contacts a large (53616) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-