General
-
Target
f04972bd93af551702198a699553adfc3c66bc044d8e30b18edfe56dbaa650a6.elf
-
Size
27KB
-
Sample
240426-b28slaha5z
-
MD5
6f3474f1cd0a4ffad5c1264ecf0e8a32
-
SHA1
9fed71fc34f2d61b7e159502b96e4ac5b2e8bb30
-
SHA256
f04972bd93af551702198a699553adfc3c66bc044d8e30b18edfe56dbaa650a6
-
SHA512
a26d0924a05a9daed32aa3de821e624cc49532d010f2f6898ac22344d60a302cbf3210351b63bcc5533e2c84742350afae84a293c1183e2a47195fffe200e790
-
SSDEEP
768:DbdX14mC31ecSKqEI8e+rGPRRtIDAfnlnnZ9AEzEJgGlzDpbuR1JF:DBX14mC31enKqEI/+CriYlnZ9H8VJur
Malware Config
Extracted
mirai
LZRD
www.sushiking.world
s.sushiking.world
Targets
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-