Extracted

• • Target

    xd.arm.elf

  • Size

    35KB

  • MD5

    6856a7a8feb0592ba82aafdf6d5fcc8c

  • SHA1

    bfdc3ca6a60a546b72a1bfecc036c0459eca3c69

  • SHA256

    ab07aa532d5e8bc8f6c811cc04f884bd8d991390a8db34b32ef8a6a5733a0e02

  • SHA512

    981f623bde726388de0d592a7afd92c34b99c99d121459240ac0743ad33747f7980a3203c9bf4228adb8a59725414424b150bd6e1d7421d933df9d38d34ecfb2

  • SSDEEP

    768:0bAbsP5R35GrEBb3PuwNch7r6rJp2nhSimK/VI8Os3UozB:0bksXpDBb3PDNgr6rJchSimeVISzB

  Score

  10^/10

  mirailzrdbotnetcredential_accessdefense_evasiondiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (20645) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads process memory

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

    credential_access
  behavioral1