Extracted

• • Target

    xd.arm7.elf

  • Size

    52KB

  • MD5

    083ddecd49eed980ef89af94453bfb89

  • SHA1

    06d749420aaa525443d9a43677d72724283c3a44

  • SHA256

    8f53c8bfbbd14897015e3f613bda1e2c52d1e7607480f5c075ac36d7c3d72a16

  • SHA512

    d8a881e0daf82e21b141e3ffa72538e24aad4bd34f7f4c5c4efa11e6fcab46b1e0d324d7495f0dd652e68e9262404d270e2c8894f4aa85de22e6d2e666c5650a

  • SSDEEP

    768:BMte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLr94fgP69q3UELbOn:BM84ISRX63dZQbS5rzZ94f6LIVmWjl

  Score

  10^/10

  mirailzrdbotnetdefense_evasiondiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (19783) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1