General
-
Target
e346f0286cc04d058447c3f7792cd05c_JaffaCakes118
-
Size
30KB
-
Sample
240406-zwd8ssah5w
-
MD5
e346f0286cc04d058447c3f7792cd05c
-
SHA1
cfdae58e7e595283668b3a4d9e947a1e54ecf6fa
-
SHA256
a0900c119505695f1c14a605c5a794a9608d010e16de4c84c7b716e678281099
-
SHA512
ea663485d8c7dafaa566aca582a4b4522ae45df7f2c7ab2ef48fbc59a7d60e7a29a8e8d4dea0f7af7bc24191aa3a02517f9672d2b53de2cb17cd0420d8233320
-
SSDEEP
768:NygIKfw8EBsLpWEvMW9gvvDM8RY/O77WW:bh3EBsLplvTYTR/
Malware Config
Extracted
mirai
MIRAI
Targets
-
Contacts a large (17404) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-