General
Target: aef80e5f4130350747f75619b2a9bd5b.elf
Size: 30KB
Sample: 240802-lggtgsyfng
MD5: aef80e5f4130350747f75619b2a9bd5b
SHA1: ade320c3c5858db1cde044f0b589c85d967eed00
SHA256: 64c6ccffcdb9a1e7daafc42c332f1ece3ada2ca8aba7ec5a06e81ee551122492
SHA512: cceacc4c6ad4400e84b1cb1d0d456b9054024ace7a1e6f0260b2f40436dc47b2361ac2cad8195afc2779a1496e78f3ba3d16c79eef0d123feda6c5b48a944584
SSDEEP: 768:vOZUS+ldEfeM3lV7yyIQ6GY82uX2H0waBEKlqs3Uozv:v7S+ldofV2nbarnzv
Malware Config
Extracted
mirai
MIRAI
Targets
-
Contacts a large (19769) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-