General
-
Target
g4za.mpsl.elf
-
Size
106KB
-
Sample
250324-njyk5aywhy
-
MD5
ed2b7029eb271f664ad2d1d6cf1e35c0
-
SHA1
6cd7d31b5aa658a51ab2d67e6b2601b5dd41439f
-
SHA256
0faeb27bd79cd96a6e59f93bafc66d50552a9ae1b6150a2436b55138dcb5bff7
-
SHA512
68d5d6aad359741593ae097bc6e7245168e08a2e1268353653a2d70dcdedb1a0fd393ada7874f53453acf7eb7d84335efc1c7ad2a75dbf57854b32f7916ca3bf
-
SSDEEP
1536:sAcC99ax1OOEEX8DZnMiNj7GYoGmFPCQvGgscOYgtZ8Tm:sZC99axQObKMiBdgscO9om
Behavioral task
behavioral1
Sample
g4za.mpsl.elf
Resource
debian12-mipsel-20240221-en
Malware Config
Extracted
mirai
WICKED
Targets
-
Target
g4za.mpsl.elf
-
Score
9/10
-
Contacts a large (120580) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads process memory
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
-