General
-
Target
d2b09064b486bce8885444c18f48ebdb
-
Size
34KB
-
Sample
231220-sjgptsbghn
-
MD5
d2b09064b486bce8885444c18f48ebdb
-
SHA1
45baffd30135757affa73779a1434fc59e5750a4
-
SHA256
3b542dcfe0030dd1e2a9b1dd0499b7cf6c12391af2e09b39bc37d1ba6da30bf4
-
SHA512
21c2acd8b4436e828213157c002a3c49aa4bfd608f66f1c66df0c291ce3285af89066dc381f80ef12f89cf26ca3dd4052cccd7de9f902a62cff26587a6b08ffb
-
SSDEEP
768:kuB0X2VT51qAiEsCRAiSTwE3Hk9+yq3IjYb:9B0X2V11qdiS8aE9+y2Ij
Behavioral task
behavioral1
Sample
d2b09064b486bce8885444c18f48ebdb
Resource
ubuntu1804-amd64-20231215-en
Malware Config
Extracted
mirai
LARRY
xd.botnet.services
meow.botnet.services
Targets
Score
9/10
-
Contacts a large (53627) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-