General
Target: 47b6d35e402f464f362e32d728f9b0b1.bin
Size: 30KB
Sample: 240326-chnhzsbf73
MD5: d0ac28218027919a766c7215253826ed
SHA1: 2263963d24c34b626289628b5b1874f78582ac70
SHA256: 2af04b44bbdd90dca6f2c4ba26269f2ebe1626f7967b651e276ddc869c086b72
SHA512: 4b96910efad27cb0eb62c22828f118dc90f4ed810f734883f0e86945b8673988ff8838042ea16677f95af06842d22db7995750c2ed69aa4633f049ac8a99a432
SSDEEP: 384:YHp7V9LgTkgi+hb9J5wRq2Y9zhLV1TBIDoGZJwjpk7vdB/R563qP9jor08QFvbqw:o7rV+PJK0LDV1ImOlNR50qPhNJpbqJA9
Malware Config
Extracted
mirai
LZRD
Targets
Target: 7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d.elf
Size: 31KB
MD5: 47b6d35e402f464f362e32d728f9b0b1
SHA1: 4a2b566ccf3bacaacaecf9408594114da0141325
SHA256: 7a3a141da6cf5d5d60e9f9388799362b750c404518617406d03ad42722538e1d
SHA512: 906772b0f1bb418a63b3c46b2978302e6febbc3c45b5eed81392a1acf201358a4c564c354f67235053f11a0a898a41a3237079336b3fd2dfe49f8668e8c3f33c
SSDEEP: 384:/n6Ppdqf3I54hJulN7s1kNYTA/fKiFs4V9B6f8Oj0bCwFtNKpugmQ/zTRWGVCz0m:P4YuDs1kNJ/fKiFUf8OGCgG/bdWJ
-
Contacts a large (20713) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-