General
-
Target
e7ad7a952b087ef0c26c5af3e6cec658_JaffaCakes118
-
Size
77KB
-
Sample
240408-rvm6baeg3s
-
MD5
e7ad7a952b087ef0c26c5af3e6cec658
-
SHA1
9f76d47e2f8d48fc6d2e483df38663a93b097abc
-
SHA256
62788b16f7ad2f405600f3cff47d8831f5f2dec65ab763b20e21520328a19c44
-
SHA512
db24cf95109093d71f1b2f109759e1bcfbe2377c9a9f1c70630a0aeb1a36d28e0589e91977685fd78cb55712c298c37326dc688332fecd06bc9ddb966d33b58e
-
SSDEEP
1536:D4Z8VUay6+vl/R1KldysUmR9EiYHXwKdjVJhaM75jjETZ:E6Zy6+vdGldysUKqBJh77xjIZ
Malware Config
Extracted
mirai
MIRAI
Targets
-
-
Target
e7ad7a952b087ef0c26c5af3e6cec658_JaffaCakes118
-
Size
77KB
-
MD5
e7ad7a952b087ef0c26c5af3e6cec658
-
SHA1
9f76d47e2f8d48fc6d2e483df38663a93b097abc
-
SHA256
62788b16f7ad2f405600f3cff47d8831f5f2dec65ab763b20e21520328a19c44
-
SHA512
db24cf95109093d71f1b2f109759e1bcfbe2377c9a9f1c70630a0aeb1a36d28e0589e91977685fd78cb55712c298c37326dc688332fecd06bc9ddb966d33b58e
-
SSDEEP
1536:D4Z8VUay6+vl/R1KldysUmR9EiYHXwKdjVJhaM75jjETZ:E6Zy6+vdGldysUKqBJh77xjIZ
Score9/10-
Contacts a large (16473) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-