General
-
Target
1579-1-0x0000000008048000-0x0000000008060ba0-memory.dmp
-
Size
84KB
-
Sample
240422-2rkwwshd26
-
MD5
d77d29663d73a1b61807e3240445ec3d
-
SHA1
3f9e44389bd1674e7d568950ae91fff0436eba63
-
SHA256
9ca8cd5a7d6c71d6e9d5bf1b1048446bd207e8682decf1ddcd13e0fc8ea40f6d
-
SHA512
8ef8529b877236729742e3f5ba76203844454613ba8fa03046d1e9ed3004a8b6243ae9e41e526598a8f06f1ed8833411b65457b1da3413a275cd1848a31e4ec5
-
SSDEEP
1536:e1Qa8/vgugH0lbDbPYQL2vc4iI+75K+t4EYndIKr/1q3bV:e1Qj/vguo0lrPYQLCc4BgMK4ddIcYV
Behavioral task
behavioral1
Sample
1579-1-0x0000000008048000-0x0000000008060ba0-memory.dmp
Resource
ubuntu2004-amd64-20240221-en
Malware Config
Extracted
mirai
UNSTABLE
jswl.bzwl888.sbs
Targets
Target
1579-1-0x0000000008048000-0x0000000008060ba0-memory.dmp
-
Score
9/10
-
Contacts a large (220469) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder
-