General
-
Target
x.elf
-
Size
98KB
-
Sample
250309-svwccstqy2
-
MD5
19bceb4c707ae429c4a33dff9383c48e
-
SHA1
d7e6ac8d804109a9f6417212b61b5bc2f9947c55
-
SHA256
e2eb0ec61c1754a4571a1435862814c33c5ecb7d5e488a3c06a87edaba6716cb
-
SHA512
3527c8dc955985c868ef08cdb72e8e677a354cb00acfb4d2ca502347b3b89b5154429f7419dd87b92da3ac777d811045a8f6e1c38dc2243ae75c92b168e54fb4
-
SSDEEP
3072:f1H2CF9AkcGIU2lKhbt1AN91bUeMc39mQLNZ6Ut:9W69IUCa41bUeMc39mQBvt
Malware Config
Extracted
mirai
APEP
Targets
-
-
Target
x.elf
-
Size
98KB
-
MD5
19bceb4c707ae429c4a33dff9383c48e
-
SHA1
d7e6ac8d804109a9f6417212b61b5bc2f9947c55
-
SHA256
e2eb0ec61c1754a4571a1435862814c33c5ecb7d5e488a3c06a87edaba6716cb
-
SHA512
3527c8dc955985c868ef08cdb72e8e677a354cb00acfb4d2ca502347b3b89b5154429f7419dd87b92da3ac777d811045a8f6e1c38dc2243ae75c92b168e54fb4
-
SSDEEP
3072:f1H2CF9AkcGIU2lKhbt1AN91bUeMc39mQLNZ6Ut:9W69IUCa41bUeMc39mQBvt
Score9/10-
Contacts a large (162901) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-