General
Target: ed47e0360007f63898c4a974344fcf861c476bfad14b284eef7981b5de5b09f3.elf
Size: 37KB
Sample: 240509-l8q68sfb88
MD5: 939f119901a171e7adfa7759b5bffd53
SHA1: d83d29264d6c3c05d568505c003c9dae925a25f2
SHA256: ed47e0360007f63898c4a974344fcf861c476bfad14b284eef7981b5de5b09f3
SHA512: 90dc2c7f7f7a7a7c534f5d026741b10950de5d314ab8a775f69a56a77e61854930ae58e862c15c89b4c93524d6c78c5ad087ee23f9aad451d5fe0983c672caf9
SSDEEP: 768:fG0v3canih6colp+I1VWcNZLWrnbcuyD7Uryqe:u0v3caS6cfn8Srnouy8mqe
Static task
static1
Malware Config
Extracted
mirai
KYTON
Targets
-
Contacts a large (111548) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-