General
-
Target
la.bot.mips.elf
-
Size
99KB
-
Sample
241123-jesf4a1mc1
-
MD5
a5da6231ab2a423f0bf7fad1a31024fa
-
SHA1
918c3c53b15a6c88af39a8c017fa5719ad37fa74
-
SHA256
cc352ff2955801b4b45890fc408af9bf4fc67094716dd701ead7ee922c375035
-
SHA512
851cd689115431f30f83b172b16090fc3cfe698a6b6f094685e5c62421d7f2c3939a024c137bd47e4e7473976179b2a3bd4cdaad171c8d9e027bc99a2099c0e7
-
SSDEEP
3072:3AUuIdNMvsHdHEUG789ZEhdTZg1CWD6obn3UnT:3e48sHKjqTDPm
Malware Config
Targets
-
-
Target
la.bot.mips.elf
-
Size
99KB
-
MD5
a5da6231ab2a423f0bf7fad1a31024fa
-
SHA1
918c3c53b15a6c88af39a8c017fa5719ad37fa74
-
SHA256
cc352ff2955801b4b45890fc408af9bf4fc67094716dd701ead7ee922c375035
-
SHA512
851cd689115431f30f83b172b16090fc3cfe698a6b6f094685e5c62421d7f2c3939a024c137bd47e4e7473976179b2a3bd4cdaad171c8d9e027bc99a2099c0e7
-
SSDEEP
3072:3AUuIdNMvsHdHEUG789ZEhdTZg1CWD6obn3UnT:3e48sHKjqTDPm
Score9/10-
Contacts a large (21448) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Deletes log files
Deletes log files on the system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-