General
-
Target
8ae443a654bc16b4d8a852bb72522a2ba347759ab21e6140c7b3532921d48053.elf
-
Size
39KB
-
Sample
240705-bx2hqa1gle
-
MD5
92a2b83619fc41e25e83001bba55d561
-
SHA1
0648b9d8027f93c5ac98a67f22ac967c83512910
-
SHA256
8ae443a654bc16b4d8a852bb72522a2ba347759ab21e6140c7b3532921d48053
-
SHA512
aad7b7fcb5a655443f7e09414ebc9793d6c49d6b23c7a2a003361c377e0433b33ecda47bc256947428bc02ee397207395dae0920a2ee98cd172418cccb9285be
-
SSDEEP
768:kytOyBufBP7Gh2Lua+2bMlc6UKSOhnbcuyD7UVQRjEb/Z6TRtc9+:ntVMf+BnKcnouy8VyaBKRC9+
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
8ae443a654bc16b4d8a852bb72522a2ba347759ab21e6140c7b3532921d48053.elf
-
Contacts a large (20530) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-