Analysis
max time kernel: 149s
max time network: 159s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240226-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 06/04/2024, 09:07
General
Target: e0db9b215d7472e80bb410f7a10414d9_JaffaCakes118
Size: 28KB
MD5: e0db9b215d7472e80bb410f7a10414d9
SHA1: 6791760dbf0739e933fbb5581b73ce45639062cb
SHA256: 0526b4b30ceda688d92282e0a2a55d17e3309e9a9d7a2b9d5c46adef04d56c8a
SHA512: 6e15f26feaa9f9021a931fc4c9b3df8b8c2d7e786a63d1aa6bdca8789ce92f2276ce541a7f2b07454672d46a91ea671249bc58bb2d9b212f6e07012e26111e0a
SSDEEP: 768:AJ55ogTmYr72RTuM3WxHaG2Lo08nbcuyD7UHQRjQW:o5oZYr72sXB2L18nouy8HyJ
Malware Config
Extracted
mirai
UNST
Signatures
-
Contacts a large (20327) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
File opened for modification: /dev/misc/watchdog
File opened for modification: /dev/watchdog
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.