General
-
Target
arm5
-
Size
75KB
-
Sample
240825-fytxgswfre
-
MD5
e646a404cb33e868209bedab26610fba
-
SHA1
0de0fec3ce60e4ea5d6c54c7790174cde6530eb8
-
SHA256
2957f8411f6b837555421b428b55412c2b59534df3347101c5f53636480e6662
-
SHA512
6f372b1f7b5ff3a7c91e040bbafb98817a5bd13a6f0d083f8f741972b559ac1ef5e1de39b40075777920cec4199b3f1c0d787df340723e44e19cd181d99d8801
-
SSDEEP
1536:hOVgbScO0rIfKfvLWnmraNsI14gYugMyQHJtlGQsn1j27cZUyu0Cpz8YY:uXMfynmraNsILCMyYtlAn1jbwpc
Malware Config
Extracted
mirai
BOTNET
Targets
-
Contacts a large (450020) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port was detected going to servers other than the configured DNS servers.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to system bin folder
-