Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    11-04-2024 13:25

General

  • Target

    ed85cbe54992f39205f4167677bc7a60_JaffaCakes118

  • Size

    33KB

  • MD5

    ed85cbe54992f39205f4167677bc7a60

  • SHA1

    f3e1791060f731ae0226d4f7aa2a1562502ed652

  • SHA256

    61f7f72d973e97551c59181180d87fafac13b0fd660bd9f804b8e5cc39016946

  • SHA512

    a242a9913d1b892264e5a6ab038e7e0ac0c2b9bd101d334bab97e75f4c62a5845ba069dce5143193f1f233195f39207278926b21be8b83f68c0271ef1d48d289

  • SSDEEP

    768:3/kL/lc/RMtVrv1gAe59eUDO+q25k52RuY9q3UELCu:3/Il8RMtVv1I599SYk52RuBL1

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/ed85cbe54992f39205f4167677bc7a60_JaffaCakes118
    /tmp/ed85cbe54992f39205f4167677bc7a60_JaffaCakes118
    • Reads runtime system information
    PID:645

Network

MITRE ATT&CK Matrix

Downloads

  • memory/645-1-0x00008000-0x0002dc48-memory.dmp