General
-
Target
amen.arm6.elf
-
Size
137KB
-
Sample
250202-v4er3stphp
-
MD5
0c0cee1b0701176c1acccefe1c5b5e0e
-
SHA1
a1869dd1e265a5a40a72f397df807e723dbec234
-
SHA256
508698d784b86689fb9ef5cf974f60dfeb9a70762bbc332e1fd7c965c60ad7bd
-
SHA512
3d9d6176c96e7740c796ba2f29c5f3b4d77e8f0be40f60806ca74b9261efcfadccc1e1dd669b0ea33b22879f3e81ccbb7d7eb213c7a45e8aebdd0a4b11c341de
-
SSDEEP
3072:og/7OZw1/87lkTvKQoWdA/UvYqHWWgztQhxVjHte:ozZ07hoWdA/UAqHAztQhxVTte
Malware Config
Extracted
mirai
AMEN
Targets
-
-
Target
amen.arm6.elf
-
Size
137KB
-
MD5
0c0cee1b0701176c1acccefe1c5b5e0e
-
SHA1
a1869dd1e265a5a40a72f397df807e723dbec234
-
SHA256
508698d784b86689fb9ef5cf974f60dfeb9a70762bbc332e1fd7c965c60ad7bd
-
SHA512
3d9d6176c96e7740c796ba2f29c5f3b4d77e8f0be40f60806ca74b9261efcfadccc1e1dd669b0ea33b22879f3e81ccbb7d7eb213c7a45e8aebdd0a4b11c341de
-
SSDEEP
3072:og/7OZw1/87lkTvKQoWdA/UvYqHWWgztQhxVjHte:ozZ07hoWdA/UAqHAztQhxVTte
Score9/10-
Contacts a large (180235) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Traces itself
Traces itself to prevent debugging attempts
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-