General
Target: amen.arm.elf
Size: 74KB
Sample: 250202-v4egbasja1
MD5: 03666c3e21ab4f2b15945ff70e8a8687
SHA1: 333317b101e12fbd98da6ff906f1bd7a20e61d55
SHA256: 60ea8e57afee69bc5655ac527fe13c5071b4a693573772c44796e44126ef2381
SHA512: dd6310c25ec1c8a0828663c2314ad3c9e30ec8cd2021133681479929b74c4ee0e46e0187982eda961bd9a3576fb2d41518059f2a7f0aa2d3c26be50f5499db72
SSDEEP: 1536:zo6MKmUUGUt+VHfIp9Dtx+gZHpVxnCIvs8Z7l5CF8a/qj68:HpmlDwHfIvrRrxnz0Oh5CF8a/qj
Behavioral task: behavioral1
Sample: amen.arm.elf
Resource: debian9-armhf-20240418-en
Malware Config
Extracted
mirai
AMEN
Targets
Target: amen.arm.elf
Score: 9/10

Contacts a large number (181446) of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large number of network flows
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

Traces itself
Traces itself to prevent debugging attempts.

Reads process memory
Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.