General
-
Target
a2ae553b89389d515b47660ec718cf5e.elf
-
Size
125KB
-
Sample
240628-v4ahcs1akj
-
MD5
a2ae553b89389d515b47660ec718cf5e
-
SHA1
c07eb050592dba7c646123942b5f0a6fd253caee
-
SHA256
c28ee2f2b8e72bfe7052c290d86ebbbd7efd58d54163c81565eb0985b27b667a
-
SHA512
16d0b23566ca9f658eff815348c14adc61286319ce196e88d2f7d2def1869bf79b15b756853811a954abf0f1ff478b26a4ade59fe8460c680491a29e7264c1e2
-
SSDEEP
3072:wQrGMMCztfFJsd6BFif4qB92KUe4SaROJIgrU257NPVvidlsk7Fb1lxWy:BrvztfFJsAmpcKUe4SaRO6grUhzFb1lJ
Behavioral task
behavioral1
Sample
a2ae553b89389d515b47660ec718cf5e.elf
Resource
debian9-mipsbe-20240418-en
Malware Config
Extracted
mirai
MIRAI
Targets
-
Target
a2ae553b89389d515b47660ec718cf5e.elf
-
Score
9/10
-
Contacts a large number (3680) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-