General
Target: d1a147e54c0dcff06963d09b0625bebb
Size: 105KB
Sample: 231220-sgccbsbafl
MD5: d1a147e54c0dcff06963d09b0625bebb
SHA1: 43e9d78cc0dbccd99c0b61ef80afd4b19cd26fda
SHA256: 780c51208b5deba82fc38c48545f4cd49af69f61570e01815299bd4e911de849
SHA512: cd2ece61c160cd17c5957f0539be2c87f6ecf54dc70ef14dc1b3906114c7407b20167007a74075a1cdf3bfba40bffabd0a1ce1b2dab8edfa4578b01c5f35e378
SSDEEP: 3072:QhfMcBqJoNVu6K4M9p4V2SyHv0vM/9oiTX8:QhfMnUVu6K4Mj4IHvoM/958
Behavioral task
behavioral1
Sample: d1a147e54c0dcff06963d09b0625bebb
Resource: debian9-armhf-20231215-en
Malware Config
Extracted
mirai
LARRY
cnc.junoland.xyz
scan.junoland.xyz
Targets
Target
d1a147e54c0dcff06963d09b0625bebb
Score: 9/10

Contacts a large (53973) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder