Extracted

• • Target

    db0fa4b8db0333367e9bda3ab68b8042.i686.elf

  • Size

    35KB

  • MD5

    b51646a8513eeee446c6291d0783a654

  • SHA1

    80539eb3962e6588041e78785947b6ebe34f5ce2

  • SHA256

    ff9e993a9375a2b6a099fd8ddcd201e1e50c75b47020576513f2068605b4dea5

  • SHA512

    7a767042004dd70f8e8cc520cbc24ad138d392cd25cc34af138d70d1ea25a2d394653cd66b7678b3783ed7479c6bed3e063185fb6d310f108f88da963d88f077

  • SSDEEP

    768:m4/GG5zY0VG0zQbHkMwWYoLehOnpLbmonVp8WsoQ3kVnbcuyD7Ufyqm:h1zY0c0zujwWYl0RbmQL8WsRgnouy8qF

  Score

  10^/10

  miraiunstablebotnetdefense_evasiondiscovery

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

    botnetmirai

  • Mirai family

    mirai

  • Contacts a large (200795) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder

  behavioral1