General
-
Target
71fe95680f2a063f4a836a443438e5309c9d44637de8761d7ee5615caeb8cbdf.elf
-
Size
78KB
-
Sample
240313-cwjf7acb73
-
MD5
275eb6cd6b3069ea7ece58b0d6923752
-
SHA1
8c50cd5bc74c92297472b8cd5523845d842dfe0a
-
SHA256
71fe95680f2a063f4a836a443438e5309c9d44637de8761d7ee5615caeb8cbdf
-
SHA512
23859f4a1dbaa6f87d7a40551d980fe19c16abc7baf41f0a3cb6e90f165ae3b1f1bc6d67ab04f6f00656596120e151f56a78b96f534dba2fabca8620df7164bd
-
SSDEEP
1536:vGFfut16/jhZRcogB2UHqsZMDuPSwtOA3B:+Ffut16LhLgB2U/O
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
71fe95680f2a063f4a836a443438e5309c9d44637de8761d7ee5615caeb8cbdf.elf
-
Size
78KB
-
MD5
275eb6cd6b3069ea7ece58b0d6923752
-
SHA1
8c50cd5bc74c92297472b8cd5523845d842dfe0a
-
SHA256
71fe95680f2a063f4a836a443438e5309c9d44637de8761d7ee5615caeb8cbdf
-
SHA512
23859f4a1dbaa6f87d7a40551d980fe19c16abc7baf41f0a3cb6e90f165ae3b1f1bc6d67ab04f6f00656596120e151f56a78b96f534dba2fabca8620df7164bd
-
SSDEEP
1536:vGFfut16/jhZRcogB2UHqsZMDuPSwtOA3B:+Ffut16LhLgB2U/O
Score9/10-
Contacts a large (4158) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-