Analysis
-
max time kernel
150s -
max time network
152s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240226-en -
resource tags
-
submitted
06-04-2024 06:59
General
-
Target
de40af7283b7ee42aa410037acc972a2_JaffaCakes118
-
Size
31KB
-
MD5
de40af7283b7ee42aa410037acc972a2
-
SHA1
2fd0f94e54bdb7bc656a9eb12955e52cc4dda694
-
SHA256
4f9a08553bcd0f66e477616879ee69c6735d9fe626d46b59afd945761f43ce3e
-
SHA512
664945b8bfeabc2a3c05c440f4f33e23a8594db4df176608aff3e0d3abfd9fcdaf8fb2f0c00aef2be99e29eb164324d6d637041f941b6b3a276879f542fc9b59
-
SSDEEP
768:+nZwAmfH/GbCDJCD9Ea8byWqK4udlB7Nrt+nJ7DgJgGlzDpbuR1Je:+n6AsH/GmDwBJ8byWqKD7JO7DgVJu8
Malware Config
Extracted
mirai
MIRAI
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (20103) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 2 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 20 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/de40af7283b7ee42aa410037acc972a2_JaffaCakes118/tmp/de40af7283b7ee42aa410037acc972a2_JaffaCakes1181⤵
- Enumerates active TCP sockets
- Reads system network configuration