General
-
Target
cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd.elf
-
Size
33KB
-
Sample
240213-f3h1sagd79
-
MD5
1fa25a704d6be67b041b62c02dd2b9f7
-
SHA1
ee840fe5aaf7a32eebb972ef043ada01ed586da1
-
SHA256
cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd
-
SHA512
57634cff1fc944341e97deebca79e6cf36f09578a987aa16b5d87a4feb9f19317269651f74d001d220aacebc940aade7a4c16e1cb0c6f29f945bd382d10b4c3a
-
SSDEEP
768:DkT3a5lElCF5CIpadEKUrJqxsk3JS2aEcCYeAAy3t3dGbpBcsX:4T30ElCPvp/7EkeLYtNwBX
Malware Config
Extracted
mirai
MIRAI
Targets
-
Target
cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd.elf
-
Contacts a large (73299) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Deletes itself
-
Deletes system logs
Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-