General
-
Target
5eb18646783d07c355464d324d8d92231d363559d1b6e2d091c0465994e25347.elf
-
Size
78KB
-
Sample
240703-bqbcystgrj
-
MD5
a3ebd12533ca91d72400d239523e8a10
-
SHA1
26b0105497a75d6f471185883771d49226afcee7
-
SHA256
5eb18646783d07c355464d324d8d92231d363559d1b6e2d091c0465994e25347
-
SHA512
61ce3e91242cbfa5e2d0330021c22153e66d4d5843f4427afccfc8d2f41fe57f329b97cf52948cfc509351327902624ef722e57c2ade640c1923c84ca8aed571
-
SSDEEP
1536:gGFfut163vDh5RZIghWrMQIrOkMj7vyKrWFKOh:vFfut16LhughWAnSWY
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
5eb18646783d07c355464d324d8d92231d363559d1b6e2d091c0465994e25347.elf
-
Size
78KB
-
MD5
a3ebd12533ca91d72400d239523e8a10
-
SHA1
26b0105497a75d6f471185883771d49226afcee7
-
SHA256
5eb18646783d07c355464d324d8d92231d363559d1b6e2d091c0465994e25347
-
SHA512
61ce3e91242cbfa5e2d0330021c22153e66d4d5843f4427afccfc8d2f41fe57f329b97cf52948cfc509351327902624ef722e57c2ade640c1923c84ca8aed571
-
SSDEEP
1536:gGFfut163vDh5RZIghWrMQIrOkMj7vyKrWFKOh:vFfut16LhughWAnSWY
Score9/10-
Contacts a large (15036) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-