General
-
Target
4730105d00af6296688da0b51f3b9be8ea81a4844a3a1d9996256fc218920f28.elf
-
Size
274KB
-
Sample
240425-br81lscg74
-
MD5
6cef4e41b58be6fb4e2dd50c783c0c87
-
SHA1
fd5ded3422f64c3930e6541bd54dfb1083916f66
-
SHA256
4730105d00af6296688da0b51f3b9be8ea81a4844a3a1d9996256fc218920f28
-
SHA512
fbdd467bbf0a3b3cec9564075bfd5d977900acb502d1c15bfb9ba6920bea3cda92c62f15cf50c7335ffb43d6046581c0020a90cec3b6227b61a6b93135e5fe42
-
SSDEEP
6144:Uxc6tV4HX2TmFGR+WgB+Pjq32p5PPyMwsUpE9BNKaOA5IsY/Vi5iaL:KUtm+5QPjq3SIpLaOAGNK
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
4730105d00af6296688da0b51f3b9be8ea81a4844a3a1d9996256fc218920f28.elf
-
Size
274KB
-
MD5
6cef4e41b58be6fb4e2dd50c783c0c87
-
SHA1
fd5ded3422f64c3930e6541bd54dfb1083916f66
-
SHA256
4730105d00af6296688da0b51f3b9be8ea81a4844a3a1d9996256fc218920f28
-
SHA512
fbdd467bbf0a3b3cec9564075bfd5d977900acb502d1c15bfb9ba6920bea3cda92c62f15cf50c7335ffb43d6046581c0020a90cec3b6227b61a6b93135e5fe42
-
SSDEEP
6144:Uxc6tV4HX2TmFGR+WgB+Pjq32p5PPyMwsUpE9BNKaOA5IsY/Vi5iaL:KUtm+5QPjq3SIpLaOAGNK
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Writes file to system bin folder
-