General
-
Target
la.bot.mipsel.elf
-
Size
101KB
-
Sample
241123-jcykbs1may
-
MD5
397bd70e20b4d374913847ef34435cdb
-
SHA1
99365451a3d8fe7c9fe0343c424a92983d90d0ab
-
SHA256
ca45ac7cf1cf30976c20266510359f32b168451dc3858b11142cf44e421ba038
-
SHA512
520fe3f97f9d10a1daa6774f695be50acdf1f8ca7ea21ca0b84be59af1087f5765ef0f1824817bc22e8dc12857b56d74df51c6ea2749906eecacc2e869686eba
-
SSDEEP
3072:VqOeJxttCD5HGWZv7UaJMJa5uzMuFI+bqnD:cOeJxttCD5HGWZjUau4uzPFI+b
Static task
static1
Behavioral task
behavioral1
Sample
la.bot.mipsel.elf
Resource
debian9-mipsel-20240611-en
Malware Config
Targets
-
Contacts a large (29438) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes a log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Reads process memory
Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-