General
-
Target
e0530a0fc645f34a922d727c00d55b7d
-
Size
98KB
-
Sample
231220-te5frsgdg8
-
MD5
e0530a0fc645f34a922d727c00d55b7d
-
SHA1
cc80b600c50e5bc7013f7ef04478d7aab4b22438
-
SHA256
1880f987462bac577548767aa254d5872c235ad3c7736bb6f9fc034d9834098f
-
SHA512
e30f8e85a16cd51c13b405803d9de4231c4cc65d644ef902d9b4160641f1c3c0395ad573ac13aa0ce34e979a74583d7cf28c00f2d109f50aadbdaf5bf32404de
-
SSDEEP
1536:NOVLC833r8Ko+ConQtB2xKeX5Jz2dny7921oTBevfTHx64eGK9EGMxRnC/:NOpCEBCoO2xKGJO22OevfTHxQB/
Behavioral task
behavioral1
Sample
e0530a0fc645f34a922d727c00d55b7d
Resource
debian9-mipsbe-20231215-en
Malware Config
Extracted
mirai
BOT
ch.silynigr.xyz
horse.silynigr.xyz
Targets
-
-
Target
e0530a0fc645f34a922d727c00d55b7d
-
Size
98KB
-
MD5
e0530a0fc645f34a922d727c00d55b7d
-
SHA1
cc80b600c50e5bc7013f7ef04478d7aab4b22438
-
SHA256
1880f987462bac577548767aa254d5872c235ad3c7736bb6f9fc034d9834098f
-
SHA512
e30f8e85a16cd51c13b405803d9de4231c4cc65d644ef902d9b4160641f1c3c0395ad573ac13aa0ce34e979a74583d7cf28c00f2d109f50aadbdaf5bf32404de
-
SSDEEP
1536:NOVLC833r8Ko+ConQtB2xKeX5Jz2dny7921oTBevfTHx64eGK9EGMxRnC/:NOpCEBCoO2xKGJO22OevfTHxQB/
Score9/10-
Contacts a large (179247) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-