General
-
Target
e7b0d11e6f279c3d77f3dd983bac2c22_JaffaCakes118
-
Size
34KB
-
Sample
240408-ry7zwsbe49
-
MD5
e7b0d11e6f279c3d77f3dd983bac2c22
-
SHA1
1016840bdd473f52ffd5c38e940e4bec8005a64e
-
SHA256
00ddb6898632b99d0de1899a2f1a0959f41be76536eda7e62b4b528a7354e34a
-
SHA512
3c7b28bb06c98c892e8b791c02cba9e48387ffa422096a5512288a7fef1f395a23fcebf8b152f5dfdb05640e2bec30fc142d5830aff73a30c9dbe485401d306c
-
SSDEEP
768:2G4+o9Yc0S49JJUTg1LFGvZP9a6qmYM1aH1tQKwwfu4Os3Uozi:2v9tsUTgpFGN9a6hhYVCWNzi
Malware Config
Extracted
mirai
LZRD
Targets
-
-
Target
e7b0d11e6f279c3d77f3dd983bac2c22_JaffaCakes118
-
Contacts a large (197485) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-