General
-
Target
SecuriteInfo.com.Linux.Siggen.9999.28176.3818.elf
-
Size
28KB
-
Sample
240425-psbndsag72
-
MD5
5fcf827521ca236e06e8de70b29f294b
-
SHA1
323ee4bc5f95705700f6d942d017f230f59de0fd
-
SHA256
87a060aa73b265bb4a4336636cb698bfbbb2816b102f4363412ec0ff12f272fc
-
SHA512
04324901cb24d9d83db6eb7a3fda5f37266099c67e1be66afe816890462a2a67946976eb25259ffd890e851f4df4381c474220260da9b853173ce7bda58cafbf
-
SSDEEP
384:lZafyAaXspkybkZwe3WKU7vUMiFTygskWwdn5ojl/Yx00b1GPVRzqjXrPpxy0XRn:l+y1XsBbd8Xy3jgoA5kl/glw9RopnBW6
Malware Config
Extracted
mirai
LZRD
www.sushiking.world
s.sushiking.world
Targets
-
-
Target
SecuriteInfo.com.Linux.Siggen.9999.28176.3818.elf
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-