General
-
Target
87c8c67efb90918b1f4da145f4ac84fdfb24f3a4fcb0f6f228038f38ff377e2a.elf
-
Size
59KB
-
Sample
250202-e8pj3sxmep
-
MD5
9b6ff521a1159fff1aed4e07d5358870
-
SHA1
f21dd3e43512818d9d7cc23a32dbf7f695c921f6
-
SHA256
87c8c67efb90918b1f4da145f4ac84fdfb24f3a4fcb0f6f228038f38ff377e2a
-
SHA512
dc9e2ed8dc89f6ef189aee1bd7c9d766e511462c00e8f661016a8357e29cf0cc778da3250714f70a45bbbe903f5f8084231b1fa63b74b6373e8587267856b614
-
SSDEEP
1536:1hn7qJHYmrXT9ee7SZWXI2JVnQVrAz1qallWRit++Uv:oHYm7Ae7SZ0/JVnQVrAzeu++2
Behavioral task
behavioral1
Sample
87c8c67efb90918b1f4da145f4ac84fdfb24f3a4fcb0f6f228038f38ff377e2a.elf
Resource
debian12-armhf-20240418-en
Malware Config
Extracted
mirai
BOTNET
Targets
-
Target
87c8c67efb90918b1f4da145f4ac84fdfb24f3a4fcb0f6f228038f38ff377e2a.elf
-
Score
9/10
-
Contacts a large (6720) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-