General

Target: e3c658517d4c7d370d79b71607fc878a359c93d44f4876abdcf1358f885ffb15.elf
Size: 30KB
Sample: 240727-cg8sjashpg
MD5: 94c8ad02aad22b8b625ae6340d53e69e
SHA1: dcc67be65528b750032840c11ed70bf18741e418
SHA256: e3c658517d4c7d370d79b71607fc878a359c93d44f4876abdcf1358f885ffb15
SHA512: 4830b0efad4cb5f713106caf0203b70ae7e0f863c5738d17cc3681f973ea152bb71de97dc0801f213ae95958e46640c7d2f2ec9b2f4bbb3923f9a7ceb7e876bf
SSDEEP: 768:KlfoA3KYJ7OW3qOsTo2oVYQYOJgGlzDpbuR1Jl:G3N7OFOr2o1VJuj

Malware Config
Extracted
mirai
LZRD
Targets
Target
e3c658517d4c7d370d79b71607fc878a359c93d44f4876abdcf1358f885ffb15.elf

Contacts a large (19983) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Enumerates running processes
Discovers information about currently running processes on the system.