Sample details: 6bd53065c0e9ead0af5fd5b572267d63 --

Hashes
MD5: 6bd53065c0e9ead0af5fd5b572267d63
SHA1: bb19ed799038dc2ff4a73c9ba51c9a5271004bc5
SHA256: b2ed1e7530f23c03338fa0d3304480a66abc4d02b2e4beb165c338c63980982f
SSDEEP: 1536:B/bivQhunOtaewt4ItuRosTDFx4Oi8fs3H9oUPZ1c4nCZrl:BjiBm1OtODFxhf+dP1c4n2
Details
File Type: ELF
Yara Hits
YRP/domain | YRP/IP | YRP/contentis_base64 | FlorianRoth/Mirai_Botnet_Malware |
Source
http://23.82.185.164/razor/r4z0r.sh4
Strings
		3=R'04
2)%#a)')A
AMB[!+'{!
B#a=A(1
;"s4"!
;"s0"!
;"G7"!
/sm"O,
qsj !<
Lds`La
Lds`La
}b`fBr-a
 (w$Q.u
P)'#a)#
AmB{!+#;!
=b4r-a
-b,j|a
d$Q u@
P)'#a)#
AmB{!+#;!
R#ay!p1
)'#a)#)A
AmB{!+#;!
Q{#+#y
2*Uk!g
7zPz](p
)'#a)#
AmB{!+#;!
^]cla\
APe|l3j
)'#a)#
AmB{!+#;!
AmH|g;"'
2)'#a)#)A
AmB{!+#;!
/Sn"O}
P)'#a)#
AmB{!+#;!
&	tpgc`
"ca!# 
P)'#a)#
AmB{!+#;!
#nla,b
`"1!Cc
2-a#`)@
/s`miCWDX
	t@bsa9'
`)A|1)@,b9(
t!p!l!h!d!`!\!X!
!|!x!@!0
s<!8!4!0!,!(!$!T!P!L!H!D! !
!l!h!d!`!	
!@!<!8!4!	
!,!(!$!T!	
!L!H!D! !	
"Bc#`ra
Gz#:"* 
j"drc7
Sb}B:!Z"
&l`cc	@cb
B#a=A,1
Az"j!#c
ech3fsb
"ca:!#c
Cb+z":&#aj"R*
g3amA|1Qf
ql22,!!!%
B<cmA{"o
VBa,6f
Sb)BSa
h.d^cba|1
b:" !ba|1
" !ba|1
" !ba|1
Sb)BSa
h.d^cba|1
b:" !ba|1
" !ba|1
" !ba|1
r,aV11
CcKc8#
(w2"$qq
(w2"$qq
(w2"$qq
3e3a u
a,q3b2
sc&0(C
c`K [ h&
qQSRVSWTXUYVZW[
qVcVf(@Vg= Vhm#Vi}&Vj
#`K`cm
vra2"qS
bCa-GSP
r'WCa	
s"f8#r!
j"UCc!X
j#WCc"U
rCc$V#W
j%XCc$V
Cb\fca
x'R$x'
sarb(1
,93fsesh
2("!ba
=R;Q 1	
da)mf0a
(-b2Qq
Q-b"(]e
sc-Cy!sb
"{#;""*
/Ck"O;
POST /cdn-cgi/
 HTTP/1.1
User-Agent: 
Host: 
Cookie: 
/proc/net/tcp
23.82.185.164
abcdefghijklmnopqrstuvw012345678
,9<0=$7
,7gaee
?8"efg
efg`ab
<=gael
75 edfm
5::=1fdef
5::=1fdeg
5::=1fde`
5::=1fdea
5::=1fdeb
?;d"=.,"
?;d509=:
758"=:
2=018efg
0125!8 
'!$$;& 
1$=7&;! 1&
9; ;&;85
93gadd
91&8=:
rPMVGAVQ
q[QVGO"
FGNGVGF
CLKOG"
QVCVWQ"
FTPjGNRGP"
lKeeGp
qMPCnmcfgp"
lKeeGpF
kW{EWHGkSL"
PMWVG"
ARWKLDM"
`memokrq"
NMACN"
UCVAJFME"
UCVAJFME"
}UCVAJFME"
LGVQNKLI
rpktoqe"
egvnmacnkr"
iknncvvi"
eJMQVuWXjGPG
QJGNN"
GLC@NG"
Q[QVGO"
@WQ[@MZ
CRRNGV
DMWLF"
LAMPPGAV"
@WQ[@MZ
@WQ[@MZ
vqMWPAG
gLEKLG
sWGP["
PGQMNT
LCOGQGPTGP
aMLLGAVKML
CNKTG"
cAAGRV
CRRNKACVKML
ZJVON	ZON
CRRNKACVKML
cAAGRV
nCLEWCEG
aMLVGLV
CRRNKACVKML
WPNGLAMFGF"
QGVaMMIKG
PGDPGQJ
NMACVKML
AMMIKG
AMLVGLV
NGLEVJ
VPCLQDGP
GLAMFKLE
AJWLIGF"
AMLLGAVKML
QGPTGP
FMQCPPGQV"
QGPTGP
ANMWFDNCPG
LEKLZ"
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
qCDCPK
oMXKNNC
oCAKLVMQJ
cRRNGuG@iKV
tGPQKML
qCDCPK
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
kLDMrCVJ
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
oqkgaPCUNGP
aGLVGP
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
kLDMrCVJ
oMXKNNC
AMORCVK@NG
uKLFMUQ
vPKFGLV
dWLuG@rPMFWAVQ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
oCAKLVMQJ
dKPGDMZ
oMXKNNC
uKLFMUQ
cRRNGuG@iKV
aJPMOG
CQQUMPF"
GLVGP"
FICMUHDKPJKCF
GFHICK"
/dev/null
.shstrtab
.rodata
.ctors
.dtors