General
-
Target
x86.elf
-
Size
29KB
-
Sample
240503-fga32shf35
-
MD5
ad9e6788e549220e3a985bcad8e9c8e4
-
SHA1
856d27e7e159e7e8511195e01f06673eaefb4f9b
-
SHA256
4fa26b78cfdd3f8b01a71ca21887edf09992df20e9e0af039912273e04ccdad4
-
SHA512
eb5c426704b5fa2e8b721db9d224c607fb0db41b744d0491e0e2e459e9e95bb584ccd592d241e827301104478b9d4cf29c6c159cb306997ba2da0b3b564c6ab5
-
SSDEEP
768:ELZW56tNDAFiY4FGG1Nn8MPDEzg6cHoC5IsznbcuyD7U0/2j:FMtmij8wyVcj5xnouy8jj
Malware Config
Extracted
mirai
KYTON
Targets
-
-
Target
x86.elf
-
Contacts a large (111551) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder