General
-
Target
1559-1-0x0000000000400000-0x0000000000524748-memory.dmp
-
Size
69KB
-
Sample
240212-v9n8pscc77
-
MD5
f38ca08d687989196c02903db58eae03
-
SHA1
bdbcb153eaf1db45a179feb7cfe1fd37f93ef73c
-
SHA256
58fd767fd281ead35ef21dcbc831629fa4a9855dc70800cf94cb91cdd7503d7c
-
SHA512
92143248a9e2f68860e6111e0a45915f77d16493a95820865e71dd7896c4cc559f3067aa13633ca6203f2812559ec6987b7f816b3a083b1b9546d78566e9c96e
-
SSDEEP
1536:aocdNAcs299EkhjgvZyoiPPWA6pRs0afqcl2rjTaXHjPE5UZLGBgHxyQ:qdiX29/hgvZ2PWAAqfEnMHj9LGB+sQ
Malware Config
Extracted
mirai
MIRAI
Targets
-
Contacts a large (71644) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Deletes itself
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-