General
-
Target
def66ddad4892f25da8ed7dc18359ab5f62915d65cbb475a92cf6df5d88dea32.elf
-
Size
82KB
-
Sample
250320-ewnf9axlz4
-
MD5
31e516ce6c5fc7b6da97c38e18dfda2b
-
SHA1
f5f41ea7c7d384df77844fc264d6323bb52047ec
-
SHA256
def66ddad4892f25da8ed7dc18359ab5f62915d65cbb475a92cf6df5d88dea32
-
SHA512
8b7c2f11da24b98ce501563cca3ffd7135da786ee34284b3d3d0f46c2cfc2842443ef69fa4763e5c059d9e27f3854a4aa2feb2e3bfc5e3564eb98e6463903cf8
-
SSDEEP
1536:pNniE2DPxWXa1Jo+FXMqxqHKqzrhhaa3nh9G/Okt4ijfcPsq7ll09iEnwr8VXPbT:D27xFJo+FXFxqHK+0CTG/rt4ijfcP+rR
Behavioral task
behavioral1
Sample
def66ddad4892f25da8ed7dc18359ab5f62915d65cbb475a92cf6df5d88dea32.elf
Resource
debian12-armhf-20240221-en
Malware Config
Extracted
mirai
BOTNET
Targets
-
-
Target
def66ddad4892f25da8ed7dc18359ab5f62915d65cbb475a92cf6df5d88dea32.elf
-
Size
82KB
-
MD5
31e516ce6c5fc7b6da97c38e18dfda2b
-
SHA1
f5f41ea7c7d384df77844fc264d6323bb52047ec
-
SHA256
def66ddad4892f25da8ed7dc18359ab5f62915d65cbb475a92cf6df5d88dea32
-
SHA512
8b7c2f11da24b98ce501563cca3ffd7135da786ee34284b3d3d0f46c2cfc2842443ef69fa4763e5c059d9e27f3854a4aa2feb2e3bfc5e3564eb98e6463903cf8
-
SSDEEP
1536:pNniE2DPxWXa1Jo+FXMqxqHKqzrhhaa3nh9G/Okt4ijfcPsq7ll09iEnwr8VXPbT:D27xFJo+FXFxqHK+0CTG/rt4ijfcP+rR
Score9/10-
Contacts a large (73846) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-