General
-
Target
16a9d0a22e69e66728747bbc3490b407
-
Size
142KB
-
Sample
231224-2nyzcafccq
-
MD5
16a9d0a22e69e66728747bbc3490b407
-
SHA1
b91d9902e67ca9cd6d8df7cf9eca341e49ac62e9
-
SHA256
fc9aa55efe4638867d5e5059820a322ecfbf785c76407e75fe33218df79eca6b
-
SHA512
e90f0a2a9b157b5913238c5d4fe5fac33052bae3c3380a518d5c8f2106e1c918f40f41f8579be96713839f13013005058e86281a33d4bb6ac3015c1aa80e1830
-
SSDEEP
3072:2glZ3FtCKXhkmHtZ9TEKzjfj/WMngyIfsJ0F7xPto:2IIKXhZtL7jOTyIG87X
Behavioral task
behavioral1
Sample
16a9d0a22e69e66728747bbc3490b407
Resource
debian9-mipsbe-20231222-en
Malware Config
Targets
-
-
Target
16a9d0a22e69e66728747bbc3490b407
-
Score
7/10
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Writes file to system bin folder
-