Analysis

  • max time kernel
    0s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240226-en
  • resource tags
    arch:mips
    image:debian9-mipsbe-20240226-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    30-03-2024 15:53

General

  • Target

    3f0eb5df330b3a0daadaf1e9ea346051_JaffaCakes118

  • Size

    25KB

  • MD5

    3f0eb5df330b3a0daadaf1e9ea346051

  • SHA1

    c003fe400f35d3ac372401b308ca1a0cd25c6da2

  • SHA256

    dcef502e29de30f9f68ffc68a8173457cac545b1e8b92ede8b0b0a97e8202030

  • SHA512

    a4c25a3a034ba7dd2f70c631e1556bc737913be4c9dfba140f2bde2bb20c216b19869595539832e46676ff32af1a670b674fdded2db75f240c48c855e35a8c49

  • SSDEEP

    768:kj79TtbzAvgCyCQfsvQIq1p8ldcJgGlzDpbuR1J+:knBtbzoVDQfsvQrp8YVJuY

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder (1 TTP, 1 IoC)

Processes

  • /tmp/3f0eb5df330b3a0daadaf1e9ea346051_JaffaCakes118
    PID:696
    • Modifies Watchdog functionality
    • Writes file to system bin folder

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    Hijack Execution Flow (1): T1574

  • Privilege Escalation
    Hijack Execution Flow (1): T1574

  • Defense Evasion
    Impair Defenses (1): T1562
    Hijack Execution Flow (1): T1574

Downloads

  • memory/696-1-0x00400000-0x00450f80-memory.dmp