Extracted

• • Target

    e671a2bf621373f124ec11b6267d81e42750d8b6f03b8ff0da69d762d119a93f.elf

  • Size

    31KB

  • MD5

    d69b8013c54a4206648ed81000048ba4

  • SHA1

    08d069c7b50e1684a6f6cdb7c76a5234a3daf5b7

  • SHA256

    e671a2bf621373f124ec11b6267d81e42750d8b6f03b8ff0da69d762d119a93f

  • SHA512

    fd021fb361fa12c97c4c43c172eabd0decf8aa84949c17add12279aa74fad9e9c00f8c5d917c5b3b2a596047ef0454009e11d9040036d7f2e35df580cc8c5e74

  • SSDEEP

    768:69Zq5uAJ1noD2YLwQJJTqox4Z16p+/shEur0jjs3Uoz1R:69mHoDZZUZDiB5zj

  Score

  10^/10

  miraimiraibotnetdiscoveryevasion

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Contacts a large (64485) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Changes its process name

  • Deletes Audit logs

    Deletes logs related to the Linux Audit framework.

    evasion

  • Deletes itself

  • Deletes system logs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    evasion

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Deletes log files

    Deletes log files on the system.

  behavioral1