General
-
Target
70fba938d2e205844b8858e271469b11.elf
-
Size
45KB
-
Sample
240704-kv1m3stanj
-
MD5
70fba938d2e205844b8858e271469b11
-
SHA1
494453698f35da0855c392426379e81c655c3608
-
SHA256
b945e14f52049b7385e55d5f2a810fdd1a870c5c30d6f4ad663df306761fd1d3
-
SHA512
71584fda0343c2758e87df94aa85be495028eba26358dffefa4ba0cb150abf7eb78edafe519e071ed62a1560e4b97c9b7e73a1e08ba20d2258a77db99d2b4c06
-
SSDEEP
768:cnNI/V8f31EUmCh7fz7QHPkGqqDEwecrOvgwiD7dcRfwr0IecL1FdHWWQkNylUtA:zVSq67b7QpqqDEUw6qeIry1R0
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
70fba938d2e205844b8858e271469b11.elf
-
Contacts a large number (20449) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large number of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-