General
-
Target
3be59b3da1e6c2008577b1d52a59e114.elf
-
Size
156KB
-
Sample
240715-ye8kmswdlq
-
MD5
3be59b3da1e6c2008577b1d52a59e114
-
SHA1
2116ad13d859f5aa738f73c74e582ab5a8c933a0
-
SHA256
d182a7dfb900faf985a73b01cc89d83eb01f847ba24101a54a64aa1dc7883edd
-
SHA512
f7273048abcb6ffbc69ab0a47105d3cf4c22eadb85075ee547833bc48f4f381c731c4cf2e814e9c900fc46654b9b387cbb920f45dda8e77c89cd441db705b41f
-
SSDEEP
3072:0d2Q5x11JHLq75Nig2qKdW3QTNt4sleXNJkY8RenBIwOwEanQ3ROlZo:02Q5x11JHLqGg2HWg4torLjwSROle
Behavioral task
behavioral1
Sample
3be59b3da1e6c2008577b1d52a59e114.elf
Resource
ubuntu2204-amd64-20240611-en
Malware Config
Extracted
mirai
BOTNET
scan.yerco.xyz
Targets
-
-
Target
3be59b3da1e6c2008577b1d52a59e114.elf
-
Score
9/10
-
Contacts a large (2184712) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes file to system bin folder
-