mirai | 35aced3ec7331040d8bda1c7833ddc3f3f233f56fa9950179a6382485601d158

Analysis

max time kernel
0s
max time network
131s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
29-03-2024 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ec06055089732fea67930af74be2c95_JaffaCakes118
Size

23KB
MD5

1ec06055089732fea67930af74be2c95
SHA1

367da13e501e81fd72fe4718201f39f66944f9d5
SHA256

35aced3ec7331040d8bda1c7833ddc3f3f233f56fa9950179a6382485601d158
SHA512

519ba6f84326eb14947122b431bf29f1651ec19a57c0c782696a80b3e331da4ba469082c40e1b41e4808d3edc8556afdf65e2ecb8153b8850e6420e9a7f074ed
SSDEEP

384:MB5xGQrRp43lWzaxIemvHsbjvEaJ61IlyMUq6AHz0j+kQy+hqUKK6ZA3d6nmf1TG:a5xnC4axIDGb5AIlJrOj+kgIA3d6nDv

Score

10^/10

mirai sora botnet

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

Processes:

1ec06055089732fea67930af74be2c95_JaffaCakes118

description	ioc	process
File opened for modification	/dev/watchdog	1ec06055089732fea67930af74be2c95_JaffaCakes118
File opened for modification	/dev/misc/watchdog	1ec06055089732fea67930af74be2c95_JaffaCakes118

Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

1ec06055089732fea67930af74be2c95_JaffaCakes118

description ioc process

File opened for modification /sbin/watchdog 1ec06055089732fea67930af74be2c95_JaffaCakes118

description	ioc	process
File opened for modification	/sbin/watchdog	1ec06055089732fea67930af74be2c95_JaffaCakes118

/tmp/1ec06055089732fea67930af74be2c95_JaffaCakes118
/tmp/1ec06055089732fea67930af74be2c95_JaffaCakes118
1⤵
- Modifies Watchdog functionality
- Writes file to system bin folder
PID:1481

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Impair Defenses

T1562

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1481-1-0x0000000008048000-0x0000000008054680-memory.dmp

Download