General
-
Target
da1d433afa683296027ab2c6157e561104580f280b3852d9fe521c2300fc8555.elf
-
Size
39KB
-
Sample
240423-ce6v6abd33
-
MD5
478d56c74bb9537a394d0fbe1be36ef5
-
SHA1
d506a5a5857d875809bf8ba8c237a09dc60e99ec
-
SHA256
da1d433afa683296027ab2c6157e561104580f280b3852d9fe521c2300fc8555
-
SHA512
92d13d34959b07f036b3d2345e42a7daa207911be5378d9cadb0d2debe31c5bb629ee5c95a5150a55cdef0ad45eeeb1da5c7166e4ab58604d84cbe1cbc7bc3f0
-
SSDEEP
768:2lz7A+CG5hCYoLXhXwskN6946kyaS4/JOUrMFXW5zVj7Y2kw7U0y84unbcuyD7Uj:+vAjmhCYodXb2HxJBGXgzVpkw78unou1
Malware Config
Extracted
mirai
UNSTABLE
jswl.bzwl888.sbs
Targets
-
-
Target
da1d433afa683296027ab2c6157e561104580f280b3852d9fe521c2300fc8555.elf
-
Size
39KB
-
MD5
478d56c74bb9537a394d0fbe1be36ef5
-
SHA1
d506a5a5857d875809bf8ba8c237a09dc60e99ec
-
SHA256
da1d433afa683296027ab2c6157e561104580f280b3852d9fe521c2300fc8555
-
SHA512
92d13d34959b07f036b3d2345e42a7daa207911be5378d9cadb0d2debe31c5bb629ee5c95a5150a55cdef0ad45eeeb1da5c7166e4ab58604d84cbe1cbc7bc3f0
-
SSDEEP
768:2lz7A+CG5hCYoLXhXwskN6946kyaS4/JOUrMFXW5zVj7Y2kw7U0y84unbcuyD7Uj:+vAjmhCYodXb2HxJBGXgzVpkw78unou1
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (212295) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Writes file to system bin folder
-