General
Target: arm5
Size: 162KB
Sample: 240828-1pv4eaxgpc
MD5: cec43927cf4346dd0774f00f88c07828
SHA1: 52b151f2380e90d18e0904a4459f84e184c75017
SHA256: b37a66441fd2288d0d762dbb593d85fefa1be132c495c1f4453499767153b070
SHA512: 6c68feb62ca3689bd1ec6a023cb507c857faf3c6a85e547209971259213722909e846e3ab958d41dca620c9d662783797f5b12cc1a7a53db5c54fd7128de2017
SSDEEP: 3072:64DaPALuaVCdRfPAAQu4SX4Rv2kbiCiCV8:fDDkHHAAQfSX4ROWbij
Behavioral task: behavioral1
Sample: arm5
Resource: debian9-armhf-20240611-en
Malware Config
Extracted
mirai
BOTNET
Targets
Target: arm5
Score: 9/10

Contacts a large (1460777) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder