General
-
Target
nklarm5.elf
-
Size
51KB
-
Sample
250310-b7mgjsylz9
-
MD5
b1e5cd6656d464d23fe45ad11bf71c6e
-
SHA1
baa24baeff643c4987a700cf78ac9b3c4f174bab
-
SHA256
8bf0617c8eb0d23754ee49c36c72e01c06d256a3782cee83b5b500b80aa6b92b
-
SHA512
89e133983892bed2ec7c17d6be24c4daa92b2c4461d5b8a867d7fc991a1f64a53be48a8b378704898910d6ea5d418edf2c6aad5f3326209b1eaba5701c8cde07
-
SSDEEP
768:gz/VLG4Kc9tJRaY/39XHSxFjqRsQo8CZya5NPWgt5tA1xz9NsI4X0s46gl:WVatk39XwjqSvZya5Fjt5AZM
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
nklarm5.elf
-
Size
51KB
-
MD5
b1e5cd6656d464d23fe45ad11bf71c6e
-
SHA1
baa24baeff643c4987a700cf78ac9b3c4f174bab
-
SHA256
8bf0617c8eb0d23754ee49c36c72e01c06d256a3782cee83b5b500b80aa6b92b
-
SHA512
89e133983892bed2ec7c17d6be24c4daa92b2c4461d5b8a867d7fc991a1f64a53be48a8b378704898910d6ea5d418edf2c6aad5f3326209b1eaba5701c8cde07
-
SSDEEP
768:gz/VLG4Kc9tJRaY/39XHSxFjqRsQo8CZya5NPWgt5tA1xz9NsI4X0s46gl:WVatk39XwjqSvZya5Fjt5AZM
Score9/10-
Contacts a large (186162) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates running processes
Discovers information about currently running processes on the system
-