General
-
Target
564099ffa57e8f1c182b7696b8815f8bee08e485c08f61f2936447ee955910c0.elf
-
Size
60KB
-
Sample
250308-jbd5ass1et
-
MD5
f4c77d37de1d01ab7014b3c518dfe1ad
-
SHA1
348b990203bfa4ff2553eeed79be06ae3f329ca5
-
SHA256
564099ffa57e8f1c182b7696b8815f8bee08e485c08f61f2936447ee955910c0
-
SHA512
3d47556832dd4e939720eb1109213eccd9ad37ee0eada7d76f8be3e4df0eb9006e9315867875ba21c9146d255842c2877aebcfaebbf4a973f0f5929d022b46c0
-
SSDEEP
1536:l5nK8qV5+me/npejsxktsVuqTsrJsOqZllsSi5uy/K:FqV5+miQjsxkt8uqTsrJsqduyS
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
564099ffa57e8f1c182b7696b8815f8bee08e485c08f61f2936447ee955910c0.elf
-
Size
60KB
-
MD5
f4c77d37de1d01ab7014b3c518dfe1ad
-
SHA1
348b990203bfa4ff2553eeed79be06ae3f329ca5
-
SHA256
564099ffa57e8f1c182b7696b8815f8bee08e485c08f61f2936447ee955910c0
-
SHA512
3d47556832dd4e939720eb1109213eccd9ad37ee0eada7d76f8be3e4df0eb9006e9315867875ba21c9146d255842c2877aebcfaebbf4a973f0f5929d022b46c0
-
SSDEEP
1536:l5nK8qV5+me/npejsxktsVuqTsrJsOqZllsSi5uy/K:FqV5+miQjsxkt8uqTsrJsqduyS
Score9/10-
Contacts a large (14819) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-