General
-
Target
4d5c8b29a2182bc15d84f07da9f662bbdb419aed4c3aa12429179768229405df.elf
-
Size
77KB
-
Sample
250202-evspksvmgy
-
MD5
4a98d2fcf5dd30cb04932b754d7d7a53
-
SHA1
ffed0bce8c9166f696215a678ea2e8fd13f9a3bb
-
SHA256
4d5c8b29a2182bc15d84f07da9f662bbdb419aed4c3aa12429179768229405df
-
SHA512
d9edb47c457a4ac8beccbbcf3d20d7d77229e33676cc51202a28e69b2821999b15e85f1f44c0661feaa26e65cbfa8e6f832a3e770899d5f2014236e1ca5eef99
-
SSDEEP
1536:dxnyuLm3sQY9LjH3zSHGaF2FjeWEqvipzptQFCdL20QWdlQOi+XOzP2D:JLssbH3zSmaIYWEqve9tQFCdL2rOXOzO
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
4d5c8b29a2182bc15d84f07da9f662bbdb419aed4c3aa12429179768229405df.elf
-
Size
77KB
-
MD5
4a98d2fcf5dd30cb04932b754d7d7a53
-
SHA1
ffed0bce8c9166f696215a678ea2e8fd13f9a3bb
-
SHA256
4d5c8b29a2182bc15d84f07da9f662bbdb419aed4c3aa12429179768229405df
-
SHA512
d9edb47c457a4ac8beccbbcf3d20d7d77229e33676cc51202a28e69b2821999b15e85f1f44c0661feaa26e65cbfa8e6f832a3e770899d5f2014236e1ca5eef99
-
SSDEEP
1536:dxnyuLm3sQY9LjH3zSHGaF2FjeWEqvipzptQFCdL20QWdlQOi+XOzP2D:JLssbH3zSmaIYWEqve9tQFCdL2rOXOzO
Score9/10-
Contacts a large (43198) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-