General
-
Target
la.bot.mipsel.elf
-
Size
120KB
-
Sample
241121-pxc21ssgmm
-
MD5
20995b45f2150bd39d33907ca0dbfdd8
-
SHA1
dc67d2e126ffbee8ffc60e706b58821a166bf0af
-
SHA256
24d67676bc13718702cb598ba6c72f57045807cfa2fc362763bc80b5c8589306
-
SHA512
94046ba9c4c53bfc3f39e5d0a35134a30e7db39a0cb58f1e70b66d57b8cb525c86a33dd79179fb2eaa825ae413fe4f03901e82d7d99e945b363e4bee4971125d
-
SSDEEP
1536:jB9R7kSNE+YBoECGADIKho1kTsoHFXLQIo8MXe7YFFZ74sm2mJVl1nzsTE:jB9pkSuNBonGYImo1AVkVFFlmJVvnV
Malware Config
Targets
-
-
Target
la.bot.mipsel.elf
-
Size
120KB
-
MD5
20995b45f2150bd39d33907ca0dbfdd8
-
SHA1
dc67d2e126ffbee8ffc60e706b58821a166bf0af
-
SHA256
24d67676bc13718702cb598ba6c72f57045807cfa2fc362763bc80b5c8589306
-
SHA512
94046ba9c4c53bfc3f39e5d0a35134a30e7db39a0cb58f1e70b66d57b8cb525c86a33dd79179fb2eaa825ae413fe4f03901e82d7d99e945b363e4bee4971125d
-
SSDEEP
1536:jB9R7kSNE+YBoECGADIKho1kTsoHFXLQIo8MXe7YFFZ74sm2mJVl1nzsTE:jB9pkSuNBonGYImo1AVkVFFlmJVvnV
Score9/10-
Contacts a large (29725) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Deletes log files
Deletes log files on the system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-