General
-
Target
vcimanagement.armv6l.elf
-
Size
145KB
-
Sample
241230-mv6v7sxnfv
-
MD5
4d5d939d9f14a6f2133a2b173cb15f9f
-
SHA1
1462face0585b17bde10bf2db62c3bc5be28fda2
-
SHA256
c217c90e664d88795b6f43be7abce452aec5c1294453aeb0b8403c0e3ed3f85e
-
SHA512
8802ac5c5d54a5c656294cd3909d7aea75a0ba0dcd2e0b7f2a767efd48677a8d648090134c04fe533caf4cc11cae2865cf06e21b9cbcb114978327b4d58a6327
-
SSDEEP
3072:w70Sk+l4qj79b6nEVaBY0drhDnkkqCjhhWmgc4gSwoRnbNL:w/nUEVa7dikqCjPWmgc4gSwoRnbNL
Malware Config
Targets
-
-
Target
vcimanagement.armv6l.elf
-
Size
145KB
-
MD5
4d5d939d9f14a6f2133a2b173cb15f9f
-
SHA1
1462face0585b17bde10bf2db62c3bc5be28fda2
-
SHA256
c217c90e664d88795b6f43be7abce452aec5c1294453aeb0b8403c0e3ed3f85e
-
SHA512
8802ac5c5d54a5c656294cd3909d7aea75a0ba0dcd2e0b7f2a767efd48677a8d648090134c04fe533caf4cc11cae2865cf06e21b9cbcb114978327b4d58a6327
-
SSDEEP
3072:w70Sk+l4qj79b6nEVaBY0drhDnkkqCjhhWmgc4gSwoRnbNL:w/nUEVa7dikqCjPWmgc4gSwoRnbNL
Score9/10-
Contacts a large (23373) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-