General
-
Target
loligang.x86.elf
-
Size
64KB
-
Sample
241218-p3lw4s1ken
-
MD5
953ad20f4b1242ad0b141152fb0cc3db
-
SHA1
a5923e1acb45f85e8ac4bf72c059551dee461ed5
-
SHA256
f148ef3515d7cf4dce720b4abf4c3e15b83bfaee58cf387a4c25a0850ac10de0
-
SHA512
6c83fb32015b0c0f2de4275aa0d575152bde8f072c5a955e2e1cf7b9556c21a182722fae6593d17f09104a93536fcd9f84bf90104c56f06b0cbb75c3bc5ecab0
-
SSDEEP
1536:IIG9170vwHbQXZ5+qXDEuXi9aBSW7V/DjObeFt6PuQ4Z6:I917iwHbQXZ5+qXA59eSWZ/XObeb6GZZ
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
loligang.x86.elf
-
Size
64KB
-
MD5
953ad20f4b1242ad0b141152fb0cc3db
-
SHA1
a5923e1acb45f85e8ac4bf72c059551dee461ed5
-
SHA256
f148ef3515d7cf4dce720b4abf4c3e15b83bfaee58cf387a4c25a0850ac10de0
-
SHA512
6c83fb32015b0c0f2de4275aa0d575152bde8f072c5a955e2e1cf7b9556c21a182722fae6593d17f09104a93536fcd9f84bf90104c56f06b0cbb75c3bc5ecab0
-
SSDEEP
1536:IIG9170vwHbQXZ5+qXDEuXi9aBSW7V/DjObeFt6PuQ4Z6:I917iwHbQXZ5+qXA59eSWZ/XObeb6GZZ
Score9/10-
Contacts a large (20712) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-