General
-
Target
5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1.elf
-
Size
244KB
-
Sample
240425-bxnlvsda5w
-
MD5
cef396530992f79dea5d6d8209fc8ee7
-
SHA1
cdaa0b93d9299a00b90edb4b617a9f89c3aa322f
-
SHA256
5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1
-
SHA512
8c7ffcd35b5db373bae1ce7621c97508082aeea2ed1061a167c509d4ca13f1c9e8a30d630e550ffa48ae82c1d0742af62243cd0e93d413f21b69dffd1558fafd
-
SSDEEP
6144:cvZy8EpPYGg9XlNAI61A6OMLf+ZBse1kZcR6:Brg9Xlh6S+8se1x6
Static task
static1
Behavioral task
behavioral1
Sample
5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1.elf
Resource
debian9-armhf-20240226-en
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
5c21a3451c7f4bcb6737a8904efc7ea9ee10b3994f324b2ece1610883c2394f1.elf
-
Score
10/10
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port was detected going to servers other than the configured DNS servers.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to system bin folder
-