General

  • Target

    88c79861db59b77929664c394e358d0b

  • Size

    38KB

  • Sample

    240202-g2351ahhdr

  • MD5

    88c79861db59b77929664c394e358d0b

  • SHA1

    a71ca0425134c53ee85c138fe0368bda5cc38519

  • SHA256

    99f4c6bfeb08243dfb4bd9f5d8efd4a43c04564b5f1f79132ae9749ae749e9aa

  • SHA512

    dc96024f195fff90eefc549a41d2a82972fd2eeadeb7f1806de2d5fa67a6a1d2914abebeeaf6a57ea3646530eedc796048b48d5829127644a09a68198c02ebec

  • SSDEEP

    768:mCTCqdab2OtrXwmJ/UYB39nJWdbJcB23iOq/ouWRT:Lab2K7VB3LabiE3u/6

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (101133) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks