General
-
Target
296cfde231042f4a645a26c25bf13a09.elf
-
Size
74KB
-
Sample
240421-abftfsdh6y
-
MD5
296cfde231042f4a645a26c25bf13a09
-
SHA1
a56da7a9c0511c08ab22bdf7d9f1ec0e1f6f7709
-
SHA256
b6538d6af7fc74e1f6d2d49177df9d83debbf5972f485812f5811920fd86ca11
-
SHA512
cc8996561ae9691bcb6ed2b57cd9926276d3d131794bcefffbb047b4956650111c853a3f8845c0dd9d2cfbda6de2d681f1fb5bcdfb1d23169482623e94015ab0
-
SSDEEP
1536:JEfduRD5QPhnK/toxtIpunxn6ksx2mPx7yGMRmINK1Ga8hWaLYXw5VR:UdkOPhoaxtzxn6GmJyRmT1GtWacA57
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
296cfde231042f4a645a26c25bf13a09.elf
-
Contacts a large number (20488) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Deletes system logs
Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-