General
-
Target
b3e1748f775812a5d1b4eec6ec050caa
-
Size
30KB
-
Sample
240305-fyxclsga56
-
MD5
b3e1748f775812a5d1b4eec6ec050caa
-
SHA1
85b288c087da0ec6a0206a39efac3b658a14f9b4
-
SHA256
0f64ef3072c91ff14975afebfb75017a6c2f2a74f0d4dd011ae6e4b930f1f635
-
SHA512
8a8670534c8d243acaa9165949e31a888cf8c515617ed14aa003646941c9a90853fe6cbcac3fd7816c0806df435b337a49bcc1d57265fdee6d1a01d3fd749d06
-
SSDEEP
768:dyvYLznDEB2iC+sDzV0qQSFDc9amzWG/YarXIJgGlzDpbuR1Ji:4YnnDEBI+slcSFDc9amSGQ3VJuA
Malware Config
Extracted
mirai
LZRD
Targets
-
Contacts a large (20226) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-