General
-
Target
54bfe1a78064d443fb977ad79eab1dda0d4588dc7644882d7f16d04ab270745c.elf
-
Size
274KB
-
Sample
240425-bvj6nach36
-
MD5
28df757f694fefc6d25939e65348753b
-
SHA1
aa82f4a94ad10b29ac8540a4984032b686fe1632
-
SHA256
54bfe1a78064d443fb977ad79eab1dda0d4588dc7644882d7f16d04ab270745c
-
SHA512
fdd557b487f2730ac79dd2299bd203493fa40437c3da7b6cf0b6c8eb05535eee78fd5f124549feb65d2b5731bb42cbab2610c7ea879c006510aa8e3422c8ace8
-
SSDEEP
6144:Qt0eKnj/dQW/n3gGgzVHJl/44wrm9NrOIiMf4J+wvWMUxc:QtvUai3SrXdOIFgvuMR
Malware Config
Targets
-
-
Target
54bfe1a78064d443fb977ad79eab1dda0d4588dc7644882d7f16d04ab270745c.elf
-
Size
274KB
-
MD5
28df757f694fefc6d25939e65348753b
-
SHA1
aa82f4a94ad10b29ac8540a4984032b686fe1632
-
SHA256
54bfe1a78064d443fb977ad79eab1dda0d4588dc7644882d7f16d04ab270745c
-
SHA512
fdd557b487f2730ac79dd2299bd203493fa40437c3da7b6cf0b6c8eb05535eee78fd5f124549feb65d2b5731bb42cbab2610c7ea879c006510aa8e3422c8ace8
-
SSDEEP
6144:Qt0eKnj/dQW/n3gGgzVHJl/44wrm9NrOIiMf4J+wvWMUxc:QtvUai3SrXdOIFgvuMR
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Modifies systemd
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Writes file to system bin folder
-