General
-
Target
b03e5a62e44af9f96b0dcdab205ed37d7a9c9fa493a91dd778b1d4c9e8145835.elf
-
Size
36KB
-
Sample
240419-b8lxeaed7s
-
MD5
5a938d6d9b64103069be9151d19b41e4
-
SHA1
0519b03db4f95cfa79bbe4d6ebb675634e7c8178
-
SHA256
b03e5a62e44af9f96b0dcdab205ed37d7a9c9fa493a91dd778b1d4c9e8145835
-
SHA512
96ee692c2a689c0ea212aed3ccd37f538d8e7f2582ac7493da1e33b9743549a11bda22feeb39c58ee5508c8c71c0464955b60d1fa7f46406ff4b3dfa7b7d2b6e
-
SSDEEP
768:J/hL3imUau24c2TP1jJAGRkaF/3Q/HWau4Gq4uaGiIBS0H3Uo:J/h3i3audcgJAGRdF/g/ju4GqzaGiIBN
Malware Config
Extracted
mirai
KYTON
Targets
-
-
Target
b03e5a62e44af9f96b0dcdab205ed37d7a9c9fa493a91dd778b1d4c9e8145835.elf
-
Contacts a large (110045) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-