General
-
Target
c93a999421b27b414b30b9a62193f9132f2b832df54da85933c60ed36c5935a5.elf
-
Size
36KB
-
Sample
250308-q4qgcsxygw
-
MD5
1fec7c279656ebe83bf75e4d5bf915d9
-
SHA1
7b4e8f333fd38e8d85e7acfe0b0467411cc24171
-
SHA256
c93a999421b27b414b30b9a62193f9132f2b832df54da85933c60ed36c5935a5
-
SHA512
e69f6dbcb30b79133ed1e4e757b8f24f824de1c8cc5747b13c5395950e0574edfe1e5fe5bebf2ef25612dcc27b4477814945094d1f9f233ea9a0352c0dd8f17e
-
SSDEEP
768:m2i9aTNJADAxo3EogjwxBbPDt5U5TYhbNVdWyjtRqY0uwC:uSJAM1ogUxB7Dt5yTidxjtb6
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
c93a999421b27b414b30b9a62193f9132f2b832df54da85933c60ed36c5935a5.elf
-
Size
36KB
-
MD5
1fec7c279656ebe83bf75e4d5bf915d9
-
SHA1
7b4e8f333fd38e8d85e7acfe0b0467411cc24171
-
SHA256
c93a999421b27b414b30b9a62193f9132f2b832df54da85933c60ed36c5935a5
-
SHA512
e69f6dbcb30b79133ed1e4e757b8f24f824de1c8cc5747b13c5395950e0574edfe1e5fe5bebf2ef25612dcc27b4477814945094d1f9f233ea9a0352c0dd8f17e
-
SSDEEP
768:m2i9aTNJADAxo3EogjwxBbPDt5U5TYhbNVdWyjtRqY0uwC:uSJAM1ogUxB7Dt5yTidxjtb6
Score9/10-
Contacts a large (14693) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-