General
-
Target
494100c806fe62f35ed5c3be8beff7469d490f0ab1f0bb7e48cff5ee2338c704.elf
-
Size
78KB
-
Sample
250307-enbsgsvjy2
-
MD5
99154e7a3a17fd455bc0131558ac9ca5
-
SHA1
e05cb68fb3ef86f8ed9b33464447931c976d19d2
-
SHA256
494100c806fe62f35ed5c3be8beff7469d490f0ab1f0bb7e48cff5ee2338c704
-
SHA512
9312a49e34448c583541993b9778fa033abeddb62588b6e609c71e4a2db6af64dc0bc886cde06e391997fb40deaa65ee89133ccf718ec273e8c00dc629c46273
-
SSDEEP
1536:dhnAdZrtZo+xc8GvGaA4opT/p9t4KCfp9E6dgNtR9iC8Q+dlMUEi7K+aIGD:0Z5Zu8GvGaA40T/+KCfpqGgNtR9iCAlQ
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
494100c806fe62f35ed5c3be8beff7469d490f0ab1f0bb7e48cff5ee2338c704.elf
-
Size
78KB
-
MD5
99154e7a3a17fd455bc0131558ac9ca5
-
SHA1
e05cb68fb3ef86f8ed9b33464447931c976d19d2
-
SHA256
494100c806fe62f35ed5c3be8beff7469d490f0ab1f0bb7e48cff5ee2338c704
-
SHA512
9312a49e34448c583541993b9778fa033abeddb62588b6e609c71e4a2db6af64dc0bc886cde06e391997fb40deaa65ee89133ccf718ec273e8c00dc629c46273
-
SSDEEP
1536:dhnAdZrtZo+xc8GvGaA4opT/p9t4KCfp9E6dgNtR9iC8Q+dlMUEi7K+aIGD:0Z5Zu8GvGaA40T/+KCfpqGgNtR9iCAlQ
Score9/10-
Contacts a large (164910) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-