General

  • Target

    firmware.i686.elf

  • Size

    101KB

  • Sample

    240901-sxglzsvgkb

  • MD5

    2cb5cdc62ece570034995dd68e7ce0b8

  • SHA1

    4b67160529b4cfb453edb044d1bbc72354a8a6fd

  • SHA256

    8d23109f3365229684e31928b371aecb9d3fbd1e70dad90f27faf620a51be444

  • SHA512

    399b0b95fb63b17046d65e40b390d86cc73bd0fd08f6684b01e18d9a3f2de6945ce89baea0ca3609076846f924465a45aadc1344eee23eaf399c689a2eb87896

  • SSDEEP

    1536:LOZydcr6EN6EvILDG4VjMW6MSybVpUWiZ4BSGS3yRIplX8mlnCs3j7:LOB6EQ3G4VZ6MzbZieBSGS3yRElX+sP

Malware Config

Extracted

Family

mirai

C2

www.ckea.ru

www.akck.ru

45.152.112.46

Targets

    • Target

      firmware.i686.elf

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (46944) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.
