General
Target: la.bot.mips.elf
Size: 118KB
Sample: 241121-pderhawpgj
MD5: 82f249828b9ad33ed0926bc5d0195d36
SHA1: c4d812e645b672e734a2115062f81430ed8459c8
SHA256: e4ca7686ae287c44b9a6041b71f309786fe361d8461bdad4aa9d80f8da3331cc
SHA512: 327745790997f3d1392c5dba269af6ef8ad213b0e5ca4f431152a7cf5b1429a6ee7ae9fb413ba120b44c77e44ed3b3b946371229a3d3fc896651da4f8ce1016c
SSDEEP: 3072:JmUuH13XyyDWczb0lpTtI6uXGWy7yXdVnecp1kj:JmTV3XDhXGzHG1c
Static task: static1
Behavioral task: behavioral1
Sample: la.bot.mips.elf
Resource: debian9-mipsbe-20240611-en
Malware Config
Targets
Contacts a large (23558) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Deletes system logs
Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

Renames itself

Enumerates running processes
Discovers information about currently running processes on the system.

Reads process memory
Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.