General
-
Target
la.bot.x86_64
-
Size
100KB
-
Sample
241010-x8cjmasfja
-
MD5
a3f67ac224de01e16985b4267ee604aa
-
SHA1
6bfe1b330a564e0b33099cd7f0fbd3cea4c0c7a5
-
SHA256
e0434ad08fdfe7930eddd5c2ae1de32432b784d513db5819c98956c1302f2bb1
-
SHA512
2b8720a2863ff346f35cfc1569227faf1afb42565053cf7f588e126fb4f57d41b18de5fd4a96b885fa69a3f9fd5a7d867edafea57c6a209ac268d94b2bc1fdb7
-
SSDEEP
1536:ltvbwv3laTn/rm2gnmJcc8SAkFKavilQq8IeTHH:ltva8Tn/rmzSAovib8IeTH
Malware Config
Targets
-
-
Target
la.bot.x86_64
-
Size
100KB
-
MD5
a3f67ac224de01e16985b4267ee604aa
-
SHA1
6bfe1b330a564e0b33099cd7f0fbd3cea4c0c7a5
-
SHA256
e0434ad08fdfe7930eddd5c2ae1de32432b784d513db5819c98956c1302f2bb1
-
SHA512
2b8720a2863ff346f35cfc1569227faf1afb42565053cf7f588e126fb4f57d41b18de5fd4a96b885fa69a3f9fd5a7d867edafea57c6a209ac268d94b2bc1fdb7
-
SSDEEP
1536:ltvbwv3laTn/rm2gnmJcc8SAkFKavilQq8IeTHH:ltva8Tn/rmzSAovib8IeTH
Score9/10-
Contacts a large (14233) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-