General
-
Target
nullnet_load.arm.elf
-
Size
81KB
-
Sample
241008-vhnsvswcqr
-
MD5
3427eb0374873f1695dd9feb0e5db1ea
-
SHA1
0165c5435b93c90206095e3eb5c28a8cdff0303c
-
SHA256
7ed7cbf064b2d49295a28931f8a95258acad0596ef5dea61713e58abafee2a8e
-
SHA512
af210294609a23c28ed667c184cc2ed2e65c0302319f8f9da891a36143018ef94b02da1909e8e5631edab4832c2eec568665231db3483145c7c430f07471c1e4
-
SSDEEP
1536:nPD2dG+bsLPfn2hpej3lzVM9D52c0wIXhkB8t46/foOy3JWpY:PD2dTXeTQJIRE84wfo53JW
Behavioral task
behavioral1
Sample
nullnet_load.arm.elf
Resource
debian9-armhf-20240418-en
Malware Config
Extracted
mirai
ECCHI
Targets
-
-
Target
nullnet_load.arm.elf
-
Score
9/10
-
Contacts a large (70369) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-