General
-
Target
e2479a61c04b1976f2e6e85250a57ce6
-
Size
40KB
-
Sample
231220-tkkcsafebm
-
MD5
e2479a61c04b1976f2e6e85250a57ce6
-
SHA1
8a906f53cfb7759427f3097288a99b2b29925d74
-
SHA256
7b154b0d8d2d3fe1e7f1d0f621d5195bf22d354eb27700742c5f7febe6005385
-
SHA512
712d3211ff0a1875436f92910453d72b25b2435509c3cede859d3997157f073ed225078496553338521d80c84167adeb1055191123b6cf4b0ca440596357ef22
-
SSDEEP
768:Wj19aG4lmI9q5/FhOLRG3jJfazcT1QyTkJMPYpU8T1C:WLaGpI9q0RGVfazcJQyTkmPYpUc
Behavioral task
behavioral1
Sample
e2479a61c04b1976f2e6e85250a57ce6
Resource
ubuntu1804-amd64-20231215-en
Malware Config
Extracted
mirai
BOT
Targets
-
Score
9/10
-
Contacts a large (53981) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to system bin folder
-